Manager settings

To configure the manager settings for accessing the Operator Control Panel:

  1. Go to Security Settings (see Navigation). The Security Settings page is displayed.
  2. Go to the Manager settings tab.

  3. In the SignOn method list, select one of the following items and configure the selected method:

  4. In the Multi-factor Authentication (MFA) group, configure how managers use MFA on the second authentication step (see Signing in to the Operator Control Panel with manager's credentials):
    1. In the Trusted devices expire in, months field, enter the period in months during which a device used by a manager to log in to the Operator Control Panel is considered trusted, so the second authentication step is skipped. The default value is 1. The minimum value is 0 (devices are never considered trusted, so the second authentication step is displayed on every login attempt). The maximum value is 12.
    2. With the Mandatory use switch, choose whether using MFA is required for all managers of the reseller. By default, the switch is Off, and managers can independently decide on using MFA (see Configuring manager's MFA methods).
  5. Click Update.

General security settings that are always applied in the Operator Control Panel:

  • It is not possible to forbid the use of MFA.
  • After 5 unsuccessful login attempts, a manager is blocked for 2 minutes.
  • The blocking period is doubled after every next 5 unsuccessful login attempts.
  • Unsuccessful login attempts at the first and second authentication steps are summed up.
  • The unsuccessful attempt counter is reset only after a successful login.
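
The fixed lockout rules listed above, modelled as an added example (this is not ActivePlatform code). It assumes the block lengths run 2, 4, 8, ... minutes at 5, 10, 15, ... failures and that attempts made while blocked are rejected without being counted; the outcome labels and the timeline are constructed.

```python
from dataclasses import dataclass

THRESHOLD = 5             # failed attempts per lockout step (from the page)
BASE_BLOCK_SECONDS = 120  # first block is 2 minutes (from the page)

@dataclass
class ManagerLockout:
    """Failed-login state for one manager, shared by both authentication steps."""
    failures: int = 0
    blocked_until: float = 0.0

    def attempt(self, now: float, outcome: str) -> str:
        """outcome: 'fail_password', 'fail_mfa' or 'login_ok' (hypothetical labels)."""
        if now < self.blocked_until:
            # Assumption: attempts made while blocked are rejected and not counted.
            return "rejected"
        if outcome == "login_ok":
            # Only a completed login resets the counter; elapsed time never does.
            self.failures = 0
            return "ok"
        self.failures += 1  # step 1 and step 2 failures go into one counter
        if self.failures % THRESHOLD:
            return "failed"
        # 5 failures -> 120 s, 10 -> 240 s, 15 -> 480 s, ...
        block = BASE_BLOCK_SECONDS * 2 ** (self.failures // THRESHOLD - 1)
        self.blocked_until = now + block
        return f"blocked {block}s"

def replay(events):
    """Replay (time_seconds, outcome) pairs for one manager; return the results."""
    state = ManagerLockout()
    return [state.attempt(now, outcome) for now, outcome in events]

# Constructed timeline, not real log data.
SAMPLE = (
    [(t, "fail_password") for t in (0, 10, 20)]
    + [(t, "fail_mfa") for t in (30, 40)]            # 5th failure: blocked until 160
    + [(100, "login_ok")]                             # still blocked: rejected
    + [(t, "fail_password") for t in (200, 210, 220, 230, 240)]  # 10th: blocked until 480
    + [(500, "login_ok")]                             # completed login resets the counter
    + [(t, "fail_mfa") for t in (600, 610, 620, 630, 640)]       # back to 120 s
)

if __name__ == "__main__":
    for (now, outcome), result in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={now:>4}s {outcome:<14} -> {result}")
```

Because the counter survives the end of a block, a manager who keeps failing after the first 2 minutes reaches the 4-minute block after only five more attempts.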

LDAP/AD

If the LDAP/AD item is selected in the SignOn method list:

  1. In the Admin Dn field, enter the name of the administrator in LDAP/AD (for example, uid=admin,ou=Admins,dc=ldap,dc=activecloud,dc=com).
  2. In the Admin Password field, enter the password for the administrator.
  3. In the Host field, enter the to connect to the database for authentication.
  4. In the Port field, enter the port number to connect to the database.
  5. In the User Search Filter field, enter the parameter that is used to find a manager's login to the Operator Control Panel. This parameter is used to find a manager in LDAP/AD and check the password.
  6. In the User Search Base field, enter the search base for managers.
  7. To activate an SSL connection, turn On the 
  8. To activate verifying the SSL certificate, turn On the 
  9. In the Attributes synchronization group, set the mapping of the following manager's attributes with the LDAP/AD attributes:
    • Email — the field name in LDAP/AD that stores a manager's email.
    • Name — the field name in LDAP/AD that stores a manager's name.

    If a manager's login is changed in the Active Directory (AD) used by a reseller, the email (login) is synchronized in ActivePlatform.

  10. In the Role's synchronization group, set the mapping of the following manager's roles with the LDAP/AD attributes:
    • Activate — turn On the switch to activate the roles' synchronization.
    • Role — the field name in LDAP/AD that stores a manager's role when the roles' synchronization is activated.
    • Default role — select the role of a manager set in ActivePlatform by default when the roles' synchronization is turned off.

Embedded

If the Embedded item is selected in the SignOn method list:

  1. To activate signing in to the Operator Control Panel with a Microsoft account for the reseller (see Signing in to the Operator Control Panel with Microsoft), turn On the Sign in via Azure AD (multi-tenant application) switch.

    The Sign in via Azure AD (multi-tenant application) switch is only available if all the Azure Active Directory settings are specified in the global settings of the installation (see Global settings). See also Configuring access to the Operator Control Panel with Microsoft (Azure AD).

  2. To configure the expiration rules of a password, set the following options in the Password expiration rules group:
    1. Turn On the Activate switch.
    2. In the Password Days to Expire field, enter the number of days after which a manager needs to change the password.
    3. In the Notice Days field, enter the number of days before the password expiration when a reminder about the password expiration is displayed to a manager on an attempt to log in.

  3. To configure the deactivation rules for a manager, set the following options in the Deactivation rules group:
    1. Turn On the Activate switch.
    2. In the Expire after Days field, enter the number of days after the last manager login when a manager will be deactivated.