Overview

Network admins can configure the web portal access settings from here

Basic Configuration

To help protect your domain's data from unauthorized access, network admins can specify a list of IP addresses from which users can log in.

1. IP Range: Enter the start IP address and the end IP address to limit users from accessing the web portal only from the specified IP range. You can optionally add groups synced from the AD/LDAP providers in the AD Group text box. You can add a name for the specified IP range for quick identification and categorization.

2. Add a new IP range: Click the Add a new IP range link to add multiple IP range addresses for web portal access to your domain.

3. Save: Click the Save button to apply the basic configurations for browser access.

Configuring Two Factor Authentication (2FA) Settings

As a security measure, network admins can mandate Two Factor Authentication (2FA) for the domain. With 2FA, all users MUST use an additional security code to login to their accounts along wit their account password.

There are three different ways to retrieve authentication codes for your users during login. You can either:

• 2FA token via Email: The secure authentication code is sent to a user's primary email ID setup in the user's profile.

• 2FA token via Authenticator app: Users MUST download an authenticator app to their mobile device. The users will then be able to scan QR codes and retrieve authentication data for themselves.

• 2FA token via Duo app: Users MUST download the Duo Mobile app to their mobile device. The users will then be able to scan QR codes and retrieve authentication data for themselves.

By default, the two factor authentication (2FA) is disabled for the domain.

Login Token via Email

1. Enable two factor authentication (2FA): Select the 'Yes - Login token via Email' option to send a 5-digit unique login token to a user's primary email ID which they MUST enter after logging into the MangoApps domain via the web, desktop, and MAC platforms.

2. Authentication valid for: Select the time period for which the user’s authenticated session would remain valid. The possible values for the authentication validity period are - Always prompt (prompt the user for login token every time the user tries to log in), 15 mins, 30 mins, 1 hr, 1 day, 1 week, or 1 month.

   After the selected time period if the user wants to re-login then they would be required to provide a new token for security reasons.

3. Login token valid for: Select the time period for which the login token received by the user over email would remain valid. The login token is always sent over the user's primary email. The possible values for the token validity period are - 1 min, 5 mins , 10 mins, 15 mins, 30 mins, or 1 hr.

4. Skip 2FA when user logs in via an SSO connection: Mark the checkbox to not use the 2FA authentication if a user has logged in via any SSO connection.

5. Save: Click the Save button to apply the 2FA configurations.

Login token via Authenticator App

1. Enable two factor authentication (2FA): Select the 'Yes - Login token via Authenticator app' option to create a unique QR code for each user which they MUST scan using an authenticator app to generate a 6-digit authenticator code to be entered after logging into the MangoApps domain via the web, desktop, and MAC platforms.

2. Authentication valid for: Select the time period for which the user’s authenticated session would remain valid. The possible values for the authentication validity period are - Always prompt (prompt the user for login token every time the user tries to log in), 15 mins, 30 mins, 1 hr, 1 day, 1 week, or 1 month.

   After the selected time period if the user wants to re-login then they would be required to provide a new authenticator code for security reasons.

3. Skip 2FA when user logs in via an SSO connection: Mark the checkbox to not use the 2FA authentication if a user has logged in via any SSO connection.

4. Save: Click the Save button to apply the 2FA configurations.

Recommended Authenticator Apps

Users need to download an authenticator app to their mobile device to scan QR codes and retrieve authentication data.

Here are some recommended authenticator apps, you can follow the links to download and install them:

• Google Authenticator (Android/iPhone/BlackBerry)

• DUO Mobile (Android/iPhone)

• Authenticator (Google Chrome extension)

Login Token via Duo App

1. Enable two factor authentication (2FA): Select the 'Yes - Login token via Duo app' option to create a unique QR code for each user which they MUST scan using the DUO Mobile app to generate a 6-digit authenticator code to be entered after logging into the MangoApps domain via the web, desktop, and MAC platforms.

2. Authentication valid for: Select the time period for which the user’s authenticated session would remain valid. The possible values for the authentication validity period are - Always prompt (prompt the user for login token every time the user tries to log in), 15 mins, 30 mins, 1 hr, 1 day, 1 week, or 1 month.

   After the selected time period if the user wants to re-login then they would be required to provide a new authenticator code for security reasons.

3. Integration Key: Enter the integration key received from the application you protected in your DUO account.

4. Secret Key: Enter the secret key received from the application you protected in your DUO account.

5. API hostname: Enter the API hostname received from the application you protected in your DUO account.

6. Skip 2FA when user logs in via an SSO connection: Mark the checkbox to not use the 2FA authentication if a user has logged in via any SSO connection.

   Skip 2FA when user logs in via an SSO connection:

7. Save: Click the Save button to apply the 2FA configurations.

Configuring the Session Timeout Settings

Users in confidential environments may need shorter session timeout periods to improve security. With a session timeout period set, your domain will automatically log users out if they are inactive for a set period of time. If users leave their machine and forget to log off, their computers cannot be logged into without their password.

1. Timeout user's session after: Select the timeout period of inactivity to automatically terminate a user's current session. The possible values are - Never (never terminate a session), 10 mins, 30 mins, 1 hour, 4 hours, 8 hours, or 12 hours.

2. Save: Click the Save button to apply the session timeout configurations.

Configuring the Advanced Login Settings

The Advanced Login Settings apply only for the Admin Portal to provide additional domain administration security and does NOT apply to network and guest users. Network admins can configure a PIN (shared by all network admins) which all admins will need to enter to access the Admin Portal. When network admins log into the Admin Portal they will need to enter the PIN before they can proceed.

1. The URL to access teh admin portal: The URL for network admins to access your domain's Admin Portal.

2. Enable setup PIN: Mark the checkbox to setup a PIN for all admins which they will need to enter to access the Admin Portal.

3. PIN: Enter the preferred alphanumeric pin shared by all network admins.

4. Save: Click the Save button to apply the advanced login settings.

Configuring the Password Auto-Complete Settings

Network admins can restrict browsers from remembering or storing MangoApps account passwords for auto-complete.

1. Disable storing of password by the browser: Mark the checkbox to restrict browsers from storing MangoApps account passwords.

2. Save: Click the Save button to apply the password auto-complete settings.

FAQs

Can users reset the QR code?

Yes, in case a user loses access to the mobile device they used at the time of two factor authentication (2FA) activation, network admins can reset the QR code for the login associated with the user via Admin Portal > Users > Manage Users > User Tools > Reset QR Code. See Reset QR Code for more information.