User Authentication

This screen allows an administrator to manage how a user is authenticated, to suspend their ability to log in or to override the site default for password expiration.

Authentication Methods

  • Authentication via password - Normally on, this toggle allows or disables password authentication. The only time you would toggle this off is if you have turned the next toggle on.
  • Authentication by SSH key - Toggle this on if the account will be using a scripted connection using public key authentication. Once toggled on and saved, a new SSH tab will appear, where you can insert the user's public SSH key.

User Status

  • User is active - Toggle this OFF if you want to disable the user's ability to log in. Otherwise, always leave this ON.
  • Suspend date - If you want the user to be automatically suspended on a future date, put the date here. If you manually set the User is active toggle to OFF, the current date will appear.

Password Expiration

  • The inherited site setting is: XXX days - This will show the default site setting for password expiration.
  • Override the site setting - Toggle this ON to override the default password expiration for this user. Additional fields will then appear:
    • Never expire user's password - Toggle this on to set the override to NEVER.
    • Number of days until expiration - If the Never toggle is OFF, set this to the number of days you want this user's password to expire.

One-time Passcodes (OTP)

  • Require OTP - Toggle this ON to require the user to use 2-factor authentication via OTP.
  • OTP Delivery - This determines which of the three OTP methods is required by this user:
    • Use SMS Message - To send user OTP codes via SMS text message. If chosen, you will need to choose their cellular carrier and enter their phone number.
    • Use Email Message - To send user OTP codes via the Email address on their user record.
    • Use TOTP App - To use Time-based OTP apps that change the code every 30 seconds. If chosen, the user will be prompted to scan a special bar code with their TOTP app on next login. One scanned and saved, the user will then use 2-factor authentication with their app (such as Google Authenticator, Duo Mobile or Microsoft Authenticator). All TOTP apps are compatible.

Click Save or Cancel when done.

Send Password Reset

Clicking the Send Password Reset button initiates an email from you to the user. The user receives the same link as if they used the Forgotten Password link on the login page.

Note: This button will not appear if you have not enabled end users to reset a forgotten password. It will also not appear if the user has no email address on file. See the Edit screen to enter a missing email address.

Resend New User Invite

If you have enabled the new user invite system (Settings - Passwords - New User Invites), clicking the Resend New User Invite button will resend the same invitation email that was sent when you created their user account.

Note: This button will not appear if you have not enabled the New User Invite system. It will also not appear if the user has already initialized their password from a prior invite.