Adxstudio Portals Training Authentication Options

Authentication Configurable and Easy Services Provided Include: Local (username/password) user sign-in External (social Provider) user sign-in Two-Factor authentication with email or SMS Configured with Site Settings – Full list available in documentation ADFS or Custom Open ID/Oauth providers can also be implemented using ACS or Open Auth Different Authentication modes can be mixed and matched. You don’t have to choose one or the other

Local Authentication Username and Password stored in the CRM Password is a hidden, encrypted field Simply Switch it on or off using the Site Setting: Authentication/Registration/LocalLoginEnabled

Lost Password Reset If a user forgets their password, they can choose to have a password reset email sent to them Requires the site setting: Authentication/Registration/ResetPasswordEnabled

Changing a Password A user can change their password at any time. The username cannot be changed after it is set. If an administrator wants to reset the password in the CRM, run the “Change Password” dialog

Federated Authentication The user selects an identity provider such as: Windows Live ID, Google, Facebook, etc. The user is authenticated by the identity provider If successfully authenticated, the user is returned to the portal A user recognized as a returning/registered user becomes an authenticated user of the portal The token returned by identity provider to identify the user is stored within CRM, as an ‘External Identity’ record Users can have any number of external identities enabled Username stores the Identity Token Also Stored is the Identity Provider itself To enable External Identity must set the following site setting to true: Authentication/Registration/ExternalLoginEnabled

Manage External Accounts A single identity from each of the configured identity providers can be connected Identity Providers are configured Individually with site settings Allows for OAuth2 Social Providers, and WS-Federation Providers including ADFS and Azure ACS Once connected, the user may choose to sign-in with any of the connected identities Existing identities can also be disconnected as long as a single external or local identity remains

Connecting External Accounts Choose from a list of enabled providers, and connect one or more to your user account

OAuth2 Providers Providers Supported: The OAuth 2.0 based external identity providers involve registering an "application" with a 3rd party service to obtain a "client ID" and "client secret" pair The client ID and client secret are configured as portal site settings in order to establish a secure connection from relying party to identity provider Providers Supported: Microsoft Account Twitter Facebook Google LinkedIn Yammer Yahoo

WS-Federation Providers A single AD FS server can be added (or another WS- Federation compliant security token service, STS) as an identity provider In addition, a single Azure ACS namespace can be configured as a set of individual identity providers The Setup is involved, but well-documented on the Adxstudio Community Portal

Two-Factor Identification When enabled, increases security by requiring proof of ownership of a confirmed email or mobile phone The first time the user attempts to sign in on a device, they will be sent a security code to their email or mobile device, they will need to submit this to sign-in If the Portal is set to remember browser, this will only happen once per browser, per device Site Settings: Authentication/Registration/TwoFactorEnabled Authentication/Registration/RememberBrowserEnabled