USER SECURITY & PASSWORDS

Created by Rhizla Alexandra Poblete, Modified on Mon, 1 Jul at 1:53 PM by Rhizla Alexandra Poblete

 A2000 ONLINE SUPPORT DEPARTMENT 

KNOWLEDGE BASE



This document is important reading for the A2000ERP system administrator.

 

CONTENTS

1. Login Mechanism
2. Access Control by IP & Schedules
3. Deactivated Users After 5 Failed Attempts
4. Password Policy Setting
5. Administering Passwords
6. Setting Up 2FA with Google Authenticator

 

 

1.   LOGIN MECHANISM

 

To keep out bots attempting to log in to your system, users may be set up with 2FA (2-factor authentication), CAPTCHA, or both.

A) Logging in to A2000ERP requires a password and a CAPTCHA challenge (using simple mathematical operators).

B) 2FA is set up using Google Authenticator (setup instructions are at the end of this document).

The option is set per user, and this is done in User Maintenance. See the user setup screen below:

NOTE: In this setting, users are encouraged to set the Auto-clear Cache @Logout for their users too. This clears any remaining data that stays in the browser cache.




 

 

 

2. ACCESS CONTROL BY IP & SCHEDULES

 

In certain security-sensitive companies, users may be blocked from accessing the A2000ERP system from outside the office. Some may also want to restrict the times at which users may access the system.

The settings are done here (in the User Maintenance screen):

 

  A. All IP Addresses, All Time

This setting allows the user to log in from any PC, anywhere, with no time restriction.

  B. All IP Addresses, Schedule Only

This setting allows the user to log in from any PC, anywhere, but comes with a time restriction. If this is selected, the SCHEDULE button will appear for you to select the permitted times (according to the home country time zone in which this account book is set up). See the following example, where only the green-highlighted time slots are permitted for this user:

  C. Restricted IP Addresses, Schedule Only

This setting is the same as Item (B) above, but the user can only access the system from a specific IP address.

Some users may set the office IP address in the Enter Restricted IP box (if they are only allowed to use the system within the office premises).
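The three settings above can be read as one access decision. The sketch below is an added illustration, not A2000ERP's own code: the mode constants, the `login_allowed` function, the user record layout, and the UTC+8 home time zone are all assumptions. It shows two points that matter when checking such a rule: the schedule is evaluated in the home time zone rather than in server time, and IP addresses are compared as parsed values rather than as strings.

```python
from datetime import datetime, timedelta, timezone
import ipaddress

# Hypothetical names for the three User Maintenance settings described above.
ALL_IP_ALL_TIME = "all_ip_all_time"
ALL_IP_SCHEDULE = "all_ip_schedule"
RESTRICTED_IP_SCHEDULE = "restricted_ip_schedule"

HOME_TZ = timezone(timedelta(hours=8))  # assumed home country time zone (UTC+8)


def in_schedule(schedule, when_utc):
    """schedule maps weekday (0 = Monday) to the set of permitted hours, home time."""
    local = when_utc.astimezone(HOME_TZ)
    return local.hour in schedule.get(local.weekday(), set())


def login_allowed(user, client_ip, when_utc):
    """Return True if the login passes the user's IP and schedule setting."""
    mode = user["mode"]
    if mode == ALL_IP_ALL_TIME:
        return True
    if mode not in (ALL_IP_SCHEDULE, RESTRICTED_IP_SCHEDULE):
        return False  # unknown setting: fail closed
    if not in_schedule(user["schedule"], when_utc):
        return False
    if mode == RESTRICTED_IP_SCHEDULE:
        try:
            allowed = ipaddress.ip_address(user["restricted_ip"])
            return ipaddress.ip_address(client_ip) == allowed
        except ValueError:
            return False  # malformed address: fail closed
    return True


# Constructed sample: Monday to Friday, 09:00-17:59 home time, documentation IP.
OFFICE_HOURS = {day: set(range(9, 18)) for day in range(5)}
USER = {"mode": RESTRICTED_IP_SCHEDULE, "schedule": OFFICE_HOURS,
        "restricted_ip": "203.0.113.10"}

if __name__ == "__main__":
    monday_0930_home = datetime(2024, 7, 1, 1, 30, tzinfo=timezone.utc)
    print(login_allowed(USER, "203.0.113.10", monday_0930_home))  # inside schedule
    print(login_allowed(USER, "198.51.100.7", monday_0930_home))  # wrong IP
```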

 

 

 

3.   DEACTIVATED USERS AFTER 5 FAILED ATTEMPTS

 

Should a user fail to log in after 5 attempts, their login account will be de-activated for security reasons. They will not be able to log in again until the system administrator re-enables them.

RECOMMENDATION: All users should note this, and after the 4th failed attempt, they should reset their password through the Forget Password link. Otherwise they will face a lock-out and will need to ask the administrator to reset them.

 

 

A. HOW TO RESET A USER WHO IS DE-ACTIVATED?

Go to the User Maintenance Listing page. At the top, the administrator can see a button called Check De-activated Users. Click on this and a list of deactivated users will appear. The administrator can simply toggle them back to active status. See below:

B. WHAT HAPPENS IF THE ADMINISTRATOR FORGETS THEIR PASSWORD?

If the administrator is someone who seldom logs in to the system, we recommend they keep a copy of the login password somewhere safe. Otherwise, the company should have more than one admin user who can access this User Maintenance screen.

NOTE: It is a security requirement for the company to write in officially to our Customer Care Department to re-activate your users. A2000 Customer Care has no authority to re-activate any user, as we cannot ascertain whether they were deactivated by accident or not.

 

 


 

4.   PASSWORD POLICY SETTING

 

The system administrator is encouraged to set a password policy that governs all users in the system.

See the example policy below, which dictates that the password must have at least:

✓ 1 x lower case,
✓ 1 x upper case,
✓ 1 x number,
✓ 1 x special character,
✓ 8 characters long, and
✓ Change every 180 days.

 

 

 

5.   ADMINISTERING PASSWORDS

 

A. HOW TO RESET MY LOST PASSWORD?

 

Users losing or forgetting their password is a very common incident. A2000ERP now handles this at the system level, so administrators do not need to reset passwords for internal staff.

Each login ID is unique: it is the user’s email. Should any staff lose their password, they should go to the login screen and type FORGOT PASSWORD. The system will send them a link to reset their own password.

 

 

B. CAN ADMIN MANAGE PASSWORD FOR THEIR USERS?

Yes, it is possible for ADMIN to manage passwords for their team members. For the password to be managed by the ADMIN USER, the following 2 settings must be made to prevent the user from resetting their own password:

  1. Access to the User Maintenance must be disabled for the user, and

  2. The default value in User Maintenance -> Able to Reset Own Password (enable) must be changed to Disabled.

NOTE: It is NOT RECOMMENDED for ADMIN to assign passwords, for audit and security reasons. Every transaction entered in the system carries a flag showing which user created it. If the access password is given by someone else (other than the user himself), it will open up disputes over who entered what. As such, it dilutes the audit control that attaches accountability to the users creating the transactions.



C. CAN ADMIN MANAGE PASSWORD FOR THEIR USERS

 

You DO NOT need to change the password for any staff who leave the company. Simply go to ADMIN CONTROL PANEL and de-activate the respective user(s). They will no longer be able to access the system, nor can an inactive user request a password reset.

 

 

6. SETTING UP 2FA WITH GOOGLE AUTHENTICATOR
 

Google Authenticator is an application by Google that implements two-step verification services for our users as an added layer of security. It uses the time-based one-time password (TOTP) algorithm and the HMAC-based one-time password (HOTP) algorithm to authenticate users.

To set up 2FA with Google Authenticator (GA), follow the steps below:

 

Google Authenticator Requirements:

 

 

Setting up Google Authenticator:

 

A. Once the GA app is installed, log in to your A2000ERP Cloud ERP using your account. From the menu, go to Home -> System Admin -> User Maintenance.

B. From the user list, you can set up which users will use Two-factor Authentication (2FA).

C. Select one of the user accounts and click on the Set 2FA Authentication button. A QR code will appear.

D. Scan the QR code with your phone using the Google Authenticator app. A 6-digit code will appear in the Authenticator app.

E. Enter the 6-digit code into the Verification Code field below the QR code and then click Verify to save the 2-Factor for your phone.

F. Click the Save button in User Maintenance to keep the Two-factor Authentication (2FA) for this user.

G. You’re done! 2FA via Google Authenticator is set up. Whenever you access A2000ERP and the system asks for an authentication code, you can pick it up from Google Authenticator.


 

 

* END *

 

 




 

 

Disclaimer: The information provided here is provided on an as-is basis without warranty of any kind, either expressed or implied, including warranties of merchantability and fitness for a particular purpose. In no event shall A2000 Solutions Pte Ltd or its agents, distributors and suppliers (collectively known as A2000) be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if A2000 has been advised of the possibility of such damages. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. All third-party trademarks are the property of their respective owners.

 

 

 

 

 



