User settings

To configure the user settings for accessing the Customer Control Panel:

1. Go to Security Settings (see Navigation). The Security Settings page is displayed.
2. Go to the User settings tab. 
   
   
    

3. In the SignOn method list, select one of the following items and configure the selected method:
   

4. In the Multi-factor Authentication (MFA) group, configure how users of the Customer Control Panel use MFA on the second authentication step (see Log in to the Customer Control Panel):
   1. In the Trusted devices expire in, months field, enter the period in months during which a device used by a user to log in to the Customer Control Panel is considered trusted, so the second authentication step is skipped. The default value is 1. The minimum value is 0 (devices are never considered trusted, so the second authentication step is displayed on every login attempt). The maximum value is 12.
   2. With the Mandatory use switch, choose whether using MFA is required for all users of the Customer Control Panel. By default, the switch is Off, and every Owner can independently decide on using MFA for their account (see Accounts).
      
      • It is not possible to forbid the use of MFA.
      • After 5 unsuccessful login attempts at the second authentication step, a user is blocked for 10 minutes. This setting cannot be changed.
      • The blocking of a user at the first and second authentication steps works independently.
      
5. Click Update.

OAuth 2.0

After selecting the OAuth 2.0 item in the SignOn method list:

1. In the OAuth Client field, enter the name of a client of the OAuth server.
2. In the OAuth Client Secret field, enter the secret key used by a client of the OAuth server.
3. In the OAuth Authorize Url field, enter the URL used to redirect a user on an attempt to sign in to the Customer Control Panel.
4. In the OAuth Get Access Token Url field, enter the URL used to get the access token.
5. In the OAuth Get Profile Url field, enter the URL used to get a user's profile using the access token. The answer to this request contains a set of data, including the user's ID in OAuth. This ID defines a user to get access to the Customer Control Panel (a user ID must be entered as the CAS user attribute in OAuth for all users).

6. To set the period during which a new user can confirm the email, in the User e-mail confirmation token days to expire field, enter the number of days after which the confirmation token expires. If the field is empty, the confirmation token never expires, and a new user can confirm the email anytime after registration.

Embedded

After selecting the Embedded item in the SignOn method list:

1. Skip the the Sign in via Google switch. The current version of the Customer Control Panel does not support signing in with Google.

   The Sign in via Google switch is only available if all the Google SSO settings are specified in the global setting of the installation (see Global settings). See also Configuring access to the Customer Control Panel with Google (Google Cloud Identity).

2. To configure the sign-in rules of the Customer Control Panel, set the following options in the Login rule group:
   1. Turn On the Activate switch.
   2. In the Login attempts field, enter the number of attempts to sign in with a wrong login or password.

   3. In the Login unlock interval, minutes field, enter the period in minutes when a new attempt to sign in becomes available.

3. To configure the expiration rules of the password, set the following options in the Password expiration rules group:
   1. Turn On the Activate switch.
   2. In the Password Days to Expire field, enter the number of days when a user needs to change the password.

   3. In the Notice Days field, enter the number of days before the password expiration when a reminder about the password expiration is displayed to a user on an attempt to sign in.

4. To configure the deactivation rules for a user, set the following options in the Deactivation rules group:
   
   1. Turn On the Activate switch.

   2. In the Expire after Days field, enter the number of days after the last signing in of a user when the user becomes deactivated.

5. To set the period during which a new user can confirm the email, in the User e-mail confirmation token days to expire field, enter the number of days after which the confirmation token expires. If the field is empty, the confirmation token never expires, and a new user can confirm the email anytime after the registration.