Service Manager powered by HEAT
Setting Up User Login
This section contains information about various login configurations.
•Defining the Login Credential Priority
•About Setting the Password Policy
•Viewing a List of Users with External Logins
•Configuring the Session Timeout
•Working with Security History
•Logging In or Accessing Records Using URLs
•Configuring the Save For Later Feature
Defining Account Locking
Use the Security & Session workspace to manage the account locking configuration for the current tenant.
There are two types of locking:
•A soft lock is when you enter an incorrect password a certain number of times. After a certain amount of time, the account unlocks.
•A hard lock is when you are locked out and the only way to fix this is by having an administrator unlock the account.
Follow these steps to configure locking:
1.From the Configuration Console, click Configure > Security Controls > Security & Session to open the Security & Session workspace.
2.Navigate to the Account Locking section.
3.Enter information into the fields. The default settings can be reset to different values.
Field | Description |
---|---|
Enabled | Enables account locking. Unselect to disable account locking. |
Soft Lock Attempts | The number of login attempts a user can make before the account is soft locked. Default setting is 5 attempts. |
Soft Lock Period | The time, in minutes, for the soft lock to be in effect. Default setting is 5 minutes. |
Hard Lock Attempts | The number of login attempts a user can make before the account is hard locked. Default setting is 20 login attempts before the account is locked. |
API Key | The API key. The API key is required for soft locking to work correctly. See Working with API Keys. |
Defining the Login Credential Priority
Use the Security & Session workspace to define which login credentials to use first when logging in.
1.From the Configuration Console, click Configure > Security Controls > Security & Session to open the Security & Session workspace.
2.Navigate to the Login Priority section.
By default, Try internal login before external is checked, directing Ivanti Service Manager to use internal login credentials before attempting to use external authentication credentials.
3.To use external login credentials first, disable this option.
About Setting the Password Policy
The system configures all available password fields (such as TenantEmailConfiguration and TenantEmailMailbox) to be of password field type. You can define only one password policy for a tenant; therefore, the password policy must accommodate all the various password values configured in the tenant.
Setting the Password Policy
Use the Security & Session workspace to manage the password policy for each tenant.
1.From the Configuration Console, click Configure > Security Controls > Security & Session to open the Security & Session workspace.
2.Navigate to the Password Policy section.
3.Enter information into the fields. The default settings can be reset to values available in the drop‑down menus.
Field | Description |
---|---|
User Passwords Expire in | Number of days before the password must be changed. Default setting is Never Expires. |
Minimum Password Length | Minimum length for passwords. Default setting is 7 characters. |
Password Complexity | Specifies the password complexity requirements for system users: No restriction; Caps and lower case required; Caps and lower case and number required (the default setting); Advanced, which allows you to create a regular expression that can check the password characters against the requirements you define, such as uppercase characters (A-Z), lowercase characters (a‑z), base‑10 digits (0‑9), and special characters (for example, !, $, #, %). |
Allow Forgot Password Request | Adds a link to the application login page where users can request a new password. |
Forgot Password Email Subject | The contents of the subject line of the Forgot Password email. |
Forgot Password Letter Template | The text of the Forgot Password email. Include the ($TempInternalAuthPassword) string used to generate a temporary password. The temporary password expires within 3 days of the password request. |
4.Click Save Policy.
After updating the policy, the system sends an error message if a user tries to change a password to one that does not meet the updated password policy. The policy is enforced on password changes, not for previously existing passwords.
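
Before entering an expression in the Advanced complexity field, it helps to run it against passwords that must pass and passwords that must fail, including the service passwords the single tenant policy also has to cover. The following is an added example, not Ivanti code: the pattern, the sample passwords and the function names are assumptions, and the regular expression flavor the product uses is not stated on this page (the lookahead syntax shown is common to .NET, JavaScript and Python).

```python
import re

# Candidate pattern for the Advanced field (an assumption, not a product
# default): one A-Z, one a-z, one 0-9, one of ! $ # %, and the page's
# default minimum length of 7.
CANDIDATE = r"^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[!$#%]).{7,}$"

# Per-requirement probes, used only to explain why a value was rejected.
REQUIREMENTS = {
    "uppercase A-Z": r"[A-Z]",
    "lowercase a-z": r"[a-z]",
    "digit 0-9": r"[0-9]",
    "special !$#%": r"[!$#%]",
    "length >= 7": r"^.{7,}$",
}

def missing_requirements(password):
    """Return the names of the requirements the password does not meet."""
    return [name for name, probe in REQUIREMENTS.items()
            if re.search(probe, password) is None]

def check_policy(pattern, must_accept, must_reject):
    """Run the pattern over both sample sets and return the mismatches."""
    compiled = re.compile(pattern)
    problems = []
    for pw in must_accept:
        if compiled.search(pw) is None:
            problems.append((pw, "rejected", missing_requirements(pw)))
    for pw in must_reject:
        if compiled.search(pw) is not None:
            problems.append((pw, "accepted", []))
    return problems

# Constructed samples. The second "must accept" value stands in for a mailbox
# or other service password that the one tenant policy also applies to.
MUST_ACCEPT = ["Summer#2024x", "svc-mail-relay-01"]
MUST_REJECT = ["password", "Passw0rd", "Ab1!"]

if __name__ == "__main__":
    for pw, outcome, missing in check_policy(CANDIDATE, MUST_ACCEPT, MUST_REJECT):
        print(f"{pw!r} was {outcome}; missing: {missing}")
```

A non-empty result means either the pattern or the affected password has to change before the policy is saved.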
Changing User Passwords
When a user changes a password in the system, Ivanti Service Manager checks the password against current password policy requirements. If the new password does not meet the requirements, an error message appears.
Users can change their password from any of the following places:
•From the login ID menu in the Service Manager Application.
Login ID Menu
•From the Employee workspace. See Working with Employees.
•From the Forgot password link on the Login page.
Login Page
Viewing a List of Users with External Logins
The External Login workspace lists users that have logged into the system externally.
1.From the Configuration Console, click Configure > Security Controls > External Logins to open the External Login workspace.
The external users currently logged in are listed.
Using the Identity Store
The Identity Store workspace lists all the users who have login access to Ivanti Service Manager. These users have login IDs and passwords.
•Viewing the Identity Store List
Viewing the Identity Store List
1.Log into the Service Manager Application.
2.Open the Identity Store workspace. A list of identities appears.
3.Double-click a record from the list to see details.
Showing Identity Details
1.Log into the Service Manager Application.
2.Open the Identity Store workspace. A list of identities appears.
3.Select a user name from the list. The user details appear in the bottom panel of the window.
4.For more information, select a user from the list, then click Show Identity Details from the toolbar. The Employee workspace opens and the user details appear on the page. See Working with Employees. Edit employee details within the Employee or External Contact workspace.
Exporting an Employee List
1.Log into the Service Manager Application.
2.Open the Identity Store workspace. A list of identities appears.
3.Click Export Employee List from the toolbar. The export confirmation window appears.
4.Click Yes. A second confirmation window appears.
5.Click Yes. Depending on how many records you have, the export might take several minutes, tying up your computer and possibly the database.
The Open Export window appears.
6.To open the export file in Microsoft Excel, select Open.
7.To save the file to your local computer, select Save File. The file is saved to your downloads folder.
8.Click OK.
Configuring the Session Timeout
•About the Session Timeout Interval
•Changing the Timeout Interval
About the Session Timeout Interval
You can define the time (in minutes) that the current login session can remain inactive before the system automatically times out. The specified timeout is effective the moment a user logs in.
You can change the timeout interval for your tenant. The default setting is 120 minutes. We recommend setting this to a value between 45 and 120 minutes, depending on how your users access the system. The system uses one timeout setting for both internal and external users.
When the system reaches the specified timeout interval, the system displays a message giving users the option to log in again to the current page by entering their login password. This allows users to continue working without losing any unsaved changes.
Changing the Timeout Interval
1.From the Configuration Console, click Configure > Security Controls > Security & Session to open the Security & Session workspace.
2.Navigate to the Session Timeout section.
3.Click the Timeout (Minutes) value.
4.Enter a new interval time in minutes.
5.Click Save.
The new timeout value is effective the next time you log in.
To bypass this feature, you can implement SAML 2.0 for single sign-on and pass-through authorization. This eliminates the need for a login page and allows users to directly pass through into the application. Contact Ivanti Support for more information on how to do this.
Working with Security History
You can get a list of when users log in from the Security History workspace.
Prior to Ivanti Service Manager Release 2015.2, this workspace was called the Logon History workspace.
1.While logged in as administrator, do one of the following:
•From the Service Manager Application, open the Security History workspace.
•From the Configuration Console, click Monitor > Security History to open the Security History workspace.
The list of logins appears with the following information:
Column | Description |
---|---|
Event Date | |
Event Type | |
User | The user name. |
Message | |
Logged from IP | The IP address of the user. |
Login date/time | The date and time the user logged in. |
Login Type | The login type, such as new login. |
Logout date/time | The date and time the user logged out. |
Logout Type | The type of logout, such as explicit. |
Role | The role the user logged in as. |
Authentication Type | The authentication type used. |
Last Request | The date and time of the last login request. |
Successful Login | Success of the login: successful or unsuccessful attempt. |
User Agent | The browser and operating system that the user was using. |
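
The login list can be reviewed against the account locking defaults (5 attempts for a soft lock, 20 for a hard lock). The following is an added example, not part of the product: it assumes the list has been exported to CSV with the column names above, that Successful Login holds Yes or No, and that a successful login resets the failure count; the sample rows and the per-IP threshold are constructed.

```python
import csv
import io
from collections import defaultdict

SOFT_LOCK_ATTEMPTS = 5    # default from the Account Locking table
HARD_LOCK_ATTEMPTS = 20   # default from the Account Locking table
SPRAY_USERS = 3           # assumed threshold: distinct users failing from one IP

# Constructed sample; the CSV layout and Yes/No values are assumptions.
SAMPLE = """Event Date,User,Logged from IP,Successful Login
2017-03-01 09:00:00,jdoe,192.0.2.10,No
2017-03-01 09:00:10,jdoe,192.0.2.10,No
2017-03-01 09:00:20,jdoe,192.0.2.10,No
2017-03-01 09:00:30,jdoe,192.0.2.10,No
2017-03-01 09:00:40,jdoe,192.0.2.10,No
2017-03-01 09:05:00,asmith,198.51.100.7,No
2017-03-01 09:05:30,bnguyen,198.51.100.7,No
2017-03-01 09:06:00,clee,198.51.100.7,No
2017-03-01 09:10:00,asmith,203.0.113.5,Yes
"""

def analyze(csv_text):
    """Return (per-user lock findings, IPs failing against many users)."""
    streak = defaultdict(int)        # consecutive failures per user
    worst = defaultdict(int)         # longest streak seen per user
    users_by_ip = defaultdict(set)   # users with failed logins per source IP
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: r["Event Date"])
    for row in rows:
        user, ip = row["User"], row["Logged from IP"]
        if row["Successful Login"].strip().lower() == "yes":
            streak[user] = 0         # assumption: a success resets the count
            continue
        streak[user] += 1
        worst[user] = max(worst[user], streak[user])
        users_by_ip[ip].add(user)
    locks = {}
    for user, n in worst.items():
        if n >= HARD_LOCK_ATTEMPTS:
            locks[user] = "hard-lock threshold reached"
        elif n >= SOFT_LOCK_ATTEMPTS:
            locks[user] = "soft-lock threshold reached"
    spray = {ip: sorted(u) for ip, u in users_by_ip.items()
             if len(u) >= SPRAY_USERS}
    return locks, spray
```

The second result matters because one source failing once against many accounts never reaches a per-account lock threshold, so it only shows up when the list is grouped by Logged from IP.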
Allowing Framing
In the context of a web browser, a frame is a part of a web page or browser window that displays content independent of its container, with the ability to load content independently. The HTML or media elements that go in a frame may or may not come from the same web site as the other elements of content on display.
By default, Ivanti Service Manager allows framing. Use caution when allowing framing across domains, as this could lead to security problems.
1.From the Configuration Console, click Configure > Security Controls > Security & Session to open the Security & Session workspace.
2.Navigate to the Framing section.
3.Check Allow framing to allow framing, or uncheck it to disable framing.
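
After changing the Framing setting, the effect can be confirmed from the response headers the application returns. The following is an added example, not part of the product: this page does not say how the setting is enforced, so the sketch assumes the standard browser mechanisms (X-Frame-Options and the Content-Security-Policy frame-ancestors directive), and the header values in it are constructed.

```python
def framing_policy(headers):
    """Classify who may frame a response: 'none', 'same-origin',
    'listed-origins' or 'any'."""
    h = {k.lower(): v for k, v in headers.items()}
    # frame-ancestors takes precedence over X-Frame-Options when both are sent.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "none"
            if "*" in sources:
                return "any"
            if sources == ["'self'"]:
                return "same-origin"
            return "listed-origins"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "none"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing header, or the obsolete ALLOW-FROM that current browsers ignore.
    return "any"

# Constructed header sets, as they might be captured from the login page
# before and after the setting is changed (values are assumptions).
CAPTURES = {
    "no framing headers": {},
    "same origin only": {"X-Frame-Options": "SAMEORIGIN"},
    "one partner portal": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy":
            "default-src 'self'; frame-ancestors https://portal.example.com",
    },
}

if __name__ == "__main__":
    for label, hdrs in CAPTURES.items():
        print(f"{label}: framing allowed for {framing_policy(hdrs)}")
```

A result of any means pages on other domains can embed the application, which is the cross-domain case the caution above refers to.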
Canceling User Sessions
You can simultaneously terminate multiple user sessions.
1.From the Configuration Console, click Monitor > Security History to open the Security History workspace.
2.Select the user sessions to cancel.
3.Click Terminate User Session. The system disables this button if any of the selected user sessions are already terminated. A confirmation window appears.
Terminate User Session
4.Click Yes.
You can also cancel sessions from the Action Menu.
Terminate User Session Quick Action
About Logging Out
When a user closes the last browser tab or window in Mozilla Firefox, the active session is stopped. This enables other users to access the application without compromising licensing limitations. This is not possible for Microsoft Internet Explorer or Google Chrome at this time.
The active session is removed when the user closes the browser window in Microsoft Internet Explorer and Mozilla Firefox, freeing the license for other users. Google Chrome does not log out users when they close the window, but rather keeps the sessions open, allowing users to resume their session at a later time.
Copyright © 2017, Ivanti. All rights reserved.