Agiloft provides a number of methods to configure user access. The system provides integration with common authentication standards, including Google OAuth and SAML, as well as other Single Sign-On (SSO) providers. In addition, administrators can configure hotlinks and access URLs, and set up two-factor authentication (2FA).
User information - including login, password and other data - has its source in one of two places:
- Users who actively log into Agiloft will have a user record in one of the subtables of the People table. Users are generally imported, created manually, or generated through some other automated process.
- User data may also be stored in an external system, such as in LDAP or Microsoft Active Directory, which is used as the master set of user information. An Identity Provider stores the user's login and password across several applications or systems.
Even if a user is authenticated through LDAP or ADS, Agiloft creates a user record for them that is then used in rules and other parts of the system as if the user were a native user.
How do Users Access the System?
- There are several ways to log in:
- Through a custom login page with a login block that may sit on the corporate web site.
- Through an autologin hyperlink or button that contains a login/password and other parameters – KB name, Table, State, Search, Record ID and so on – and that may be encrypted and time limited if it is sent in an outbound email.
- Through a single sign-on method – the user is logged into a corporate intranet or web portal already, and then clicks a hyperlink that passes the user information into the system to authenticate the user without having to enter a login again.
- Through the system login page.
- The system login is generally located at: https://hostname/gui2/login.jsp. For certain servers, http://hostname/gui2/login.jsp or http://hostname:8080/gui2/login.jsp may be used.
Custom login blocks can be added to any webpage using standard HTML like this:
This will result in:
Bash script to generate a login page
The bash script file linked below will allow you to generate such a login page. Simply download the script to the Linux server and run it:
- To let users reset a forgotten password and receive a new password by email, first assign them to a group that permits this on the General tab of the group permissions.
- If you are using a custom login page, add a Send Password link or button to your login page that calls up another custom HTML page.
Reset Password Page
The HTML code required on the reset password page is shown below. You can add additional instructions or information for the user and insert this into your own website look and feel scheme:
- Using this function does not mail the user the current password, as this could create a security problem. Instead, the password is changed to a random string of characters; this new password is sent by email and the user must then log in and create a new password from inside the system.
Reset Password by SMS
In addition to email, you can allow users to receive a password reset token by SMS. A 6-digit SMS code is generated and sent to the cell phone number in the user's profile, if one exists. The login screen will change to an authentication screen where the user must enter the code.
After this, they can enter and confirm their new password.