Aptli

Authentication

Authentication verifies that a user is able to access your application, but doesn't define what they can see or alter (see ./authorization).

Authentication verifies your identity before you can access Aptli. You log in with your email and password, and the system maintains a secure session.

Customizing Admin Settings

Modifying any of these settings requires the "AppSettingSchemasModify" right on the user profile. This is granted by default to super admins upon access to the application, but may be shared by other admins. To see the admin rights a user has, view their profile under Users (http://your host/admin/users) and see Admin Rights.

Checking Admin Rights

The following may be customized to override the defaults:

  • Allowed Domains - A list of domains which can access the application. Only requests from domains on the allowed list will be generated when a user attempts to sign up at /auth/signup. (Default: your host)
  • Allow Registration - Allow users in the allowed domains to create unregistered accounts and automatically receive emails to register them without having an admin approve the request. (Default: false)
  • Max Login Attempts - Number of failed login attempts before an account is set to "hard lock." Once an account is hard locked, it will have to be unlocked by someone with usersUpdate admin rights. (Default: 5 tries)
  • Automatic Logout Time: Duration in seconds that a session can last without any interaction. Reading or writing data while online resets this countdown. (Default: 1 day)
  • Server Session Timeout: Time in minutes after which a session is automatically closed on the server, regardless of the Automatic Logout Time expiry. Expiry will force a user to log back in. (Default: 1 week)
  • Session Expiry: Time to automatically close a session on the application regardless of how long the Automatic Logout Time is. This will normally coincide with the CSRF token and align if the user is using one device, but multiple devices may give different results if one login is deferred significantly after the other. (Default: 1 week).
  • Active Login Methods: Enables SSO options to appear or disables the Username/Password option. At least one option must be selected, though configuration of the SSO alternatives should be handled with Aptli's devs. (contact@aptli.io) (Default: Username/Password)
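
The following Python sketch models how Max Login Attempts, Automatic Logout Time and Server Session Timeout interact, including the seconds-versus-minutes units. It is an added illustration, not Aptli's code: the class names, return strings, resetting the counter on a successful login, and locking on the Nth failure are assumptions.

```python
from dataclasses import dataclass

# Defaults from the settings list above, in the units the page states.
AUTO_LOGOUT_SECONDS = 24 * 60 * 60      # Automatic Logout Time: 1 day, in seconds
SERVER_TIMEOUT_MINUTES = 7 * 24 * 60    # Server Session Timeout: 1 week, in minutes
MAX_LOGIN_ATTEMPTS = 5                  # Max Login Attempts


@dataclass
class Session:
    created_at: float      # epoch seconds at login
    last_activity: float   # epoch seconds of the last read or write

    def touch(self, now: float) -> None:
        """Reading or writing data resets the idle countdown only."""
        self.last_activity = now

    def status(self, now: float) -> str:
        # The absolute limit is checked first: activity never extends it.
        if now - self.created_at >= SERVER_TIMEOUT_MINUTES * 60:
            return "expired:server-timeout"
        if now - self.last_activity >= AUTO_LOGOUT_SECONDS:
            return "expired:idle"
        return "active"


@dataclass
class Account:
    failed_attempts: int = 0
    hard_locked: bool = False

    def login(self, password_ok: bool) -> str:
        if self.hard_locked:
            return "locked"            # a correct password is refused too
        if password_ok:
            self.failed_attempts = 0   # assumption: success resets the counter
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_LOGIN_ATTEMPTS:  # assumption: Nth failure locks
            self.hard_locked = True
            return "locked"
        return "failed"

    def admin_unlock(self, admin_rights: set) -> bool:
        """Only a holder of usersUpdate can clear a hard lock."""
        if "usersUpdate" not in admin_rights:
            return False
        self.hard_locked, self.failed_attempts = False, 0
        return True
```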

Force Logout

  • From the admin page /admin/users, a user can be hard locked and logged out from the actions menu against each user (User Actions).

Troubleshooting Login:

If a user is having trouble logging in, start by viewing the profile in the admin > users link or go to /admin/users. Login problems are likely because of one of a few possibilities:

  • Deleted Account. If you can't find the user account either by scrolling or filtering by case-sensitive email in the upper left, they may have been deleted. If you have the "viewDeleted" access on your profile, you should see a See Deleted button in the upper right. Clicking this and refreshing will show deleted accounts. If you have the usersCreate admin right, you can undelete the account through the actions button on their profile.
  • Hard Lock. Users can be hard locked if they've entered the wrong password too many times, or the lock can be set manually to prevent them from further access. Look for Hard Lock. If you have the userUpdate admin right, you can unlock their profile.
  • The user's email has not been validated. In the user's validated email field there should be a date when the user completed their validation process. A link with a 10-minute token is sent to the user to activate their account. If it's not completed, they can't log in through any method, including SSO.
  • Bad domain. As noted above in the application settings, users cannot be added if they're from an unrecognized domain. Slight changes may occur over time if the domain name changes, but "external" addresses may be added manually by an admin with usersCreate through the menu in the upper right.

If you make changes to an account, you'll need to submit them through the upload changes button shown as a cloud with an arrow pointing up. Changes to user profiles take effect immediately.

Further questions can always be answered through your contact at support@aptli.io.