User settings

To configure the user settings for accessing the Customer Control Panel:

  1. Go to Security Settings (see Navigation). The Security Settings page is displayed.
  2. Go to the User settings tab.
  3. In the SignOn method list, select one of the following authentication methods and configure the selected method:

    Changing the authentication method terminates all active sessions of the Customer Control Panel users.

  4. To set the period during which a new user can confirm the email, in the User e-mail confirmation token days to expire field, enter the number of days after which the confirmation token expires. If the field is empty, the confirmation token never expires, and a new user can confirm the email anytime after the registration.
  5. Click Update.

OAuth 2.0

If the OAuth 2.0 authentication method is used, the following features are not available in the Customer Control Panel: configuring and using MFA, changing the password, and inviting users.

After selecting the OAuth 2.0 item in the SignOn method list:

  1. In the OAth Authentication Flow list, select the authentication flow: Authorization code (by default) or Implicit.
  2. If OAth Authentication Flow = Authorization code is selected, in the OAuth Client Type list, select Confidential (by default) or Public.
  3. In the OAuth Client field, enter the name of a client of the OAuth server.
  4. If OAth Authentication Flow = Authorization code and Client Type = Confidential are selected, in the OAuth Client Secret field, enter the secret key used by a client of the OAuth server.
  5. In the OAuth Url field, enter the URL used to redirect a user on an attempt to sign in to the Customer Control Panel.

Embedded

Security settings that cannot be changed:

  • It is not possible to forbid the use of MFA.
  • After 5 unsuccessful login attempts, a user is blocked for 2 minutes.
  • The blocking period is doubled after every next 5 unsuccessful login attempts.
  • Unsuccessful login attempts at the first and second authentication steps are summed up.
  • The unsuccessful attempt counter is reset only after a successful login.
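
The fixed lockout rules above, modelled as an added Python example (not the product's code; LockoutModel and max_guesses are hypothetical names) to show how many wrong guesses the policy accepts for one user over time. Assumptions the page does not state: attempts made during a block are rejected without being counted, and passing the first step alone does not reset the counter.

```python
from dataclasses import dataclass

ATTEMPTS_PER_BLOCK = 5     # page: a block follows every 5 unsuccessful attempts
FIRST_BLOCK_SECONDS = 120  # page: the first block lasts 2 minutes


@dataclass
class LockoutModel:
    """Hypothetical model of the documented rules, not the product's code."""
    failures: int = 0           # one counter for both authentication steps
    blocked_until: float = 0.0  # seconds on the caller's clock

    def block_seconds(self) -> int:
        """Length of the block that the current failure count triggers."""
        blocks = self.failures // ATTEMPTS_PER_BLOCK
        return FIRST_BLOCK_SECONDS * 2 ** (blocks - 1) if blocks else 0

    def attempt(self, now: float, ok: bool, completes_login: bool = True) -> str:
        """Record one attempt at either step and return its outcome."""
        if now < self.blocked_until:
            return "blocked"  # assumption: rejected and not counted
        if ok:
            if completes_login:  # assumption: step 1 alone does not reset
                self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures % ATTEMPTS_PER_BLOCK == 0:
            self.blocked_until = now + self.block_seconds()
        return "failed"


def max_guesses(window_seconds: float) -> int:
    """Upper bound on wrong guesses the policy accepts for one user in a window."""
    model, now, guesses = LockoutModel(), 0.0, 0
    while now < window_seconds:
        if model.attempt(now, ok=False) == "blocked":
            now = model.blocked_until  # wait out the block, then continue
        else:
            guesses += 1
    return guesses


if __name__ == "__main__":
    for label, seconds in (("1 hour", 3600), ("1 day", 86400), ("30 days", 30 * 86400)):
        print(f"{label}: at most {max_guesses(seconds)} guesses")
```

Because the block doubles each time and the counter is never reset by waiting, the bound grows only logarithmically with the length of the window.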

After selecting the Embedded item in the SignOn method list:

  1. Skip the Sign in via Google switch. The current version of the Customer Control Panel does not support signing in with Google.

    The Sign in via Google switch is only available if all the Google SSO settings are specified in the global setting of the installation (see Global settings). See also Configuring access to the Customer Control Panel with Google (Google Cloud Identity).

  2. To configure the expiration rules of the password, set the following options in the Password expiration rules group:
    1. Turn On the Activate switch.
    2. In the Password Days to Expire field, enter the number of days after which a user needs to change the password.
    3. In the Notice Days field, enter the number of days before the password expiration during which a reminder about the expiration is displayed to a user on an attempt to sign in.

  3. To configure the deactivation rules for a user, set the following options in the Deactivation rules group:
    1. Turn On the Activate switch.
    2. In the Expire after Days field, enter the number of days after a user's last sign-in after which the user becomes deactivated.

  4. In the Multi-factor Authentication (MFA) group, configure how users of the Customer Control Panel use MFA on the second authentication step (see Log in to the Customer Control Panel):
    1. In the Trusted devices expire in, months field, enter the period in months during which a device used by a user to log in to the Customer Control Panel is considered trusted, so the second authentication step is skipped. The default value is 1. The minimum value is 0 (devices are never considered trusted, so the second authentication step is displayed on every login attempt). The maximum value is 12.
    2. With the Mandatory use switch, choose whether using MFA is required for all users of the Customer Control Panel. By default, the switch is Off, and every Owner can independently decide on using MFA for their account (see Accounts).