Manager settings

To configure the manager settings for accessing the Operator Control Panel:

  1. Go to Security Settings (see Navigation). The Security Settings page is displayed.
  2. Go to the Manager settings tab.

  3. In the SignOn method list, select one of the following items and configure the selected method:

  4. In the Multi-factor Authentication (MFA) group, configure how managers use MFA on the second authentication step (see Signing in to the Operator Control Panel with manager's credentials):
    1. In the Trusted devices expire in, months field, enter the period in months during which a device used by a manager to log in to the Operator Control Panel is considered trusted, so the second authentication step is skipped. The default value is 1. The minimum value is 0 (devices are never considered trusted, so the second authentication step is displayed on every login attempt). The maximum value is 12.
    2. With the Mandatory use switch, choose whether using MFA is required for all managers of the reseller. By default, the switch is Off, and managers can independently decide on using MFA (see Configuring manager's MFA methods).
      • It is not possible to forbid the use of MFA.
      • After 5 unsuccessful login attempts at the second authentication step, a manager is blocked for 10 minutes. This setting cannot be changed.
      • The blocking of a manager at the first and second authentication steps works independently.
  5. Click Update.

LDAP/AD

If the LDAP/AD item is selected in the SignOn method list:

  1. In the Admin Dn field, enter the name of the administrator in LDAP/AD (for example, uid=admin,ou=Admins,dc=ldap,dc=activecloud,dc=com).
  2. In the Admin Password field, enter the password for the administrator.
  3. In the Host field, enter the to connect to the database for authentication.
  4. In the Port field, enter the port number to connect to the database.
  5. In the User Search Filter field, enter the parameter that is used to find a manager's login to the Operator Control Panel. This parameter is used to find a manager in LDAP/AD and check the password.
  6. In the User Search Base field, enter the search base for managers.
  7. To activate an SSL connection, turn On the 
  8. To activate verifying the SSL certificate, turn On the 
  9. In the Attributes synchronization group, set the mapping of the following manager's attributes with the LDAP/AD attributes:
    • Email — the field name in LDAP/AD that stores a manager's email.
    • Name — the field name in LDAP/AD that stores a manager's name.

    If a manager's login is changed in the Active Directory (AD) used by a reseller, the email (login) is synchronized in ActivePlatform.

  10. In the Role's synchronization group, set the mapping of the following manager's roles with the LDAP/AD attributes:
    • Activate — turn On the switch to activate the roles' synchronization.
    • Role — the field name in LDAP/AD that stores a manager's role when the roles' synchronization is activated.
    • Default role — select the role of a manager set in ActivePlatform by default when the roles' synchronization is turned off.
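
A pre-flight review of the LDAP/AD values before they are entered in the form, as an added example (not ActivePlatform code). The dictionary keys are hypothetical names for the form fields; `ssl` and `verify_certificate` stand for the two switches in steps 7 and 8, and all sample values except the Admin Dn are constructed.

```python
import re

# One RDN such as "ou=Admins": an attribute type, "=", then a value whose
# special characters may be backslash-escaped (simplified from RFC 4514).
_RDN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*=(?:\\.|[^\\,])+$")

def split_dn(dn):
    """Split a DN on unescaped commas; raise ValueError on a malformed RDN."""
    rdns = [part.strip() for part in re.split(r"(?<!\\),", dn)]
    for rdn in rdns:
        if not _RDN.match(rdn):
            raise ValueError(f"malformed RDN {rdn!r}")
    return rdns

def review_ldap_settings(s):
    """Return a list of findings for one set of LDAP/AD form values."""
    findings = []
    for field in ("admin_dn", "user_search_base"):
        try:
            split_dn(s[field])
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    if not 1 <= s["port"] <= 65535:
        findings.append("port: outside 1-65535")
    if not s["ssl"]:  # hypothetical key for the SSL switch
        findings.append("ssl: off, admin and manager binds have no transport encryption")
    elif not s["verify_certificate"]:  # hypothetical key for the verification switch
        findings.append("verify_certificate: off, the server's identity is not checked")
    if not s["role_sync"]:
        findings.append(f"role_sync: off, managers get the default role {s['default_role']!r}")
    return findings

# Constructed sample values; only the Admin DN is the example given on the page.
HARDENED = {
    "admin_dn": "uid=admin,ou=Admins,dc=ldap,dc=activecloud,dc=com",
    "user_search_base": "ou=managers,dc=example,dc=com",
    "host": "ldap.example.com", "port": 636,
    "ssl": True, "verify_certificate": True,
    "role_sync": True, "default_role": "example-role",
}
WEAK = dict(HARDENED, user_search_base="managers,dc=example,dc=com",
            port=389, ssl=False, verify_certificate=False, role_sync=False)

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, review_ldap_settings(cfg) or "no findings")
```

The `role_sync` finding is informational: with synchronization off, the Default role decides what every LDAP/AD manager can do, so it is worth reviewing alongside the connection settings.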

OAuth 2.0

If the OAuth 2.0 item is selected in the SignOn method list:

  1. In the OAuth Client field, enter the name of a client of the OAuth server.
  2. In the OAuth Client Secret field, enter the secret key used by a client of the OAuth server.
  3. In the OAuth Authorize Url field, enter the URL used when a manager tries to log in to the Operator Control Panel.
  4. In the OAuth Get Access Token Url field, enter the URL used to get the a
  5. OAuth. This ID is used to define a manager, which will get access to the ActivePlatform (a manager ID must be entered as the CAS user attribute in OAuth for all managers).

Embedded

If the Embedded item is selected in the SignOn method list:

  1. To activate signing in to the Operator Control Panel with a Microsoft account for the reseller (see Signing in to the Operator Control Panel with Microsoft), turn On the Sign in via Azure AD (multi-tenant application) switch.

    The Sign in via Azure AD (multi-tenant application) switch is only available if all the Azure Active Directory settings are specified in the global settings of the installation (see Global settings). See also Configuring access to the Operator Control Panel with Microsoft (Azure AD).

  2. To configure the login rules to the Operator Control Panel, set the following options in the Login rule group:
    1. Turn On the Activate switch.
    2. In the Login attempts field, enter the number of attempts to log in with a wrong login or password.
    3. In the Login unlock interval, minutes field, enter the period in minutes after which a new attempt to log in becomes available.

  3. To configure the expiration rules of a password, set the following options in the Password expiration rules group:
    1. Turn On the Activate switch.
    2. In the Password Days to Expire field, enter the number of days after which a manager needs to change the password.
    3. In the Notice Days field, enter the number of days before the password expiration when a reminder about the password expiration is displayed to a manager on an attempt to log in.

  4. To configure the deactivation rules for a manager, set the following options in the Deactivation rules group:
    1. Turn On the Activate switch.
    2. In the Expire after Days field, enter the number of days after the last manager login after which a manager is deactivated.