The Password Management section covers topics related to administering passwords and authentication on your Sugar instance including the use of Active Directory and LDAP.
- Configuring LDAP Authentication Using Active Directory
Sugar can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if your organization has implemented LDAP or Active Directory authentication. When users in your system attempt to log into Sugar, the application will authenticate them against your LDAP directory or Active Directory. If authentication is successful, the user is allowed to log into Sugar. If the authentication is unsuccessful, Sugar will then attempt to verify the provided credentials against its own database of valid usernames and passwords.
- Configuring SSO With Active Directory's ADFS
Sugar allows single-sign-on authentication using ADFS and SAML which allows Sugar to be integrated into a connected system using a single user ID and password. This article walks through configuring ADFS and Sugar in order to allow external authentication using SAML 2.0. For more information about external authentication methods, please refer to the Password Management documentation.
- Enabling Users to Reset Forgotten Passwords
Sugar has a "Forgot Password?" feature that administrators can enable to let users reset their passwords if they forget it. By default, this option is disabled for LDAP authentication purposes. This article explains how to enable the option if you are not using LDAP authentication for your Sugar instance.
- Modifying the Unsuccessful Login Lockout Period
The lockout period depends on what the administrator has specified on the Password Management page. The system restores the ability to log in after the specified time interval has elapsed.
- Resetting the Administrator Password From the Database
In the event that a Sugar administrator cannot log in, you can reset the administrator password from the database in order to regain access to any administrative functions in the application. If an administrator can log in, please refer to the Change a User's Password article instead.
- Restricting Which LDAP Users Can Log In
With LDAP configured with Sugar, you may have settings established that allow any user who enters their LDAP credentials to log into Sugar. This creates a new user account for each individual that logs in and can inadvertently exceed your license count or grant unintended access to sensitive data. This article covers how to ensure that only users who are explicitly created in Sugar can log in with their LDAP credentials.
- Security Layers for User Authentication in Sugar
Sugar offers multiple layers of security to protect your organization from security issues related to user authentication. These are listed below:
Last modified: 08/31/2016 05:48pm