User Management - Authentication

Configure each user's login method, password policy, and logout policy to preserve security.
Ruba
30 Nov, 2023 - Updated 4 months ago

Introduction 

Did you know you can set up login, logout, and password policies for users?

 

Yes, you heard that right! If you want users to adopt a certain login method, not log in after a certain time, reset their password after a fixed period, etc., you can control that.

The provision of specifying your own login, logout, and password policies gives you the benefit of customization. 

Read on to learn how.
 

Feature Availability

[Table: availability of SAML-based login, Login Hours, and Authorization of Login IPs by edition (Sales Starter, Sales Professional, Sales Enterprise, All-in-One Professional, All-in-One Enterprise)]


Note: SAML-based login is also available on Help Desk Enterprise. 

 

Login Methods

Vtiger CRM provides the following login methods: 

  • Password - Users must enter their Vtiger email address and password to log in.
  • Single Sign-on (SSO) - Users can log in via their Google, LinkedIn, Office 365, Facebook, or Twitter credentials.
  • Two-factor authentication - Users must go through two identification checks to log in:
  1. Enter the username and password 
  2. Enter the code sent to their email address/phone number
  • Security Assertion Markup Language (SAML) - Users can use the credentials of a SAML-based IDP to log in. To learn more about SAML-based login, click here.
 

Follow these steps to choose one or more login methods: 

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login Method section.
  8. Enable the checkbox for whichever login method you want to use.
    • SAML-based login requires you to fill in some details. To learn how to set it up, click here.
  9. Click Save.
 

Choose how to log a user’s location details with User location logging.


Country is the default selection. If you choose Locality, the browser prompts the user for permission to use their location.

  • If the user allows permission, then their locality, city, state, and country details are stored during each session.
  • If the user denies permission, then only country details are stored.

Login Hours

Admins can control when users can log in to the CRM based on their business hours.

 

Follow these steps to configure login hours:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login Hours section.
  8. Click +Add.
  9. Select a user from the Roles/Users column.
  10. Select the login hours from the Login Hours column.
    • Login hours are based on the business hours set up by you. To learn more about setting up Business Hours in Vtiger CRM, click here.
  11. Click Save.
 

What happens if a user is already logged in when their login hours end

  • A timer starts 15 minutes before the user’s login hours end.
  • After the login hours end, 
    • The user continues to see the current page but cannot perform any actions or navigate to another page.
    • The user cannot update records via Web Services or the Vtiger mobile app (Vtiger 360).
  • If the user is on a phone call and their login hours end, then the phone call record is not created.
  • A warning is shown when a user tries to log in beyond their login hours. 
 

Password Reset Policy

You can manage the following with the password reset policy:

  • Password reset frequency
    1. Use this option to select how frequently users must change their password. 
    2. You can set a frequency of 1 month, 3 months, 6 months, or 12 months. 
    3. An email is sent to users requesting them to change their password when the frequency is met.
 

Follow these steps to set the password reset frequency:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Password Reset Frequency section.
  8. Select the frequency from the Password Reset Frequency dropdown.
  9. Click Save.
 
  • Allow old passwords: Choose whether users can reuse old passwords. 
 

Follow these steps to allow or disallow reuse of old passwords:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Password Reset Policy section.
  8. Enable the Allow Old Passwords checkbox to allow reusing old passwords, disable it otherwise.
  9. Click Save.
 

Tip: It is recommended that you do not reuse an old password as it may cause a security risk.

Logout Policy

 Here’s what you can control with the logout policy:

  • Inactive session logout interval - Specify the period after which a user must be logged out automatically if there is no activity. 

Follow these steps to specify the logout time interval:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Logout Policy section.
  8. Select the time after which a user must be logged out from the Inactive Session Logout Interval dropdown.
  9. Click Save.

Users are logged out of their sessions after the specified period irrespective of what device the session is running on.

 
  • Concurrent session limit - Set up the number of active user sessions that can exist simultaneously. 

Follow these steps to specify the number of active concurrent sessions:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Logout Policy section.
  8. Select a number from the Concurrent Session Limit dropdown.
  9. Click Save.
 

A user can have a maximum of 4 concurrent sessions. Here are the different combinations allowed: 

  • 2 web browser and 2 mobile sessions
  • 2 web browser and 2 tablet sessions
  • 2 web browser, 1 mobile, and 1 tablet sessions
 

When you set the active session limit to 3, then a user can log in using one of the following combinations:

  • 2 web browser sessions, 1 mobile or 1 tablet session
  • 2 mobile sessions, 1 web browser or 1 tablet session
  • 2 tablet sessions, 1 mobile or 1 web browser session 
 

Note: When you try to log in beyond the active session limit, you receive the following alert:

 
  1. Click the Sign Out button to sign out of a current session. 
    • You can also click Sign out of all active sessions.
  2. Click Try to sign in again.

Login IPs

You can control a user’s login activity by specifying the IP address or a range of IP addresses from where they can log in. Users can log in only from authorized IP addresses. 

Login IP addresses can be authorized for users or roles. 

 

Follow these steps to authorize IP addresses for users:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login IPs section.
  8. Click +Add.
  9. Select the IP Type: Static IP or IP Range.
    •  Static IP: Click inside the Static IPs text area and type the IP addresses.
    •  IP Range: Click inside the Network IP/CIDR text area and type the IP address range.
  10. Select Users or Roles from Type. This specifies who can log in using the IP addresses entered in the previous step.
    • Users: Pick the users from the Users dropdown. To learn more about Users in Vtiger CRM, click here.
    • Roles: Pick the roles from the Roles dropdown. To learn more about Roles in Vtiger CRM, click here.
  11. Enable the Restrict Mobile Access toggle button to restrict access from mobile devices to the specified IP addresses. 
  12. Click Save to save the login IP configuration. 
  13. Click Save to save the changes made to the Authentication set up.
 

When Login IP rules apply, users see a warning message in the following cases:

  • When a user tries to log in from an unauthorized IP address.
  • When mobile access is restricted and the user tries to log in from a mobile device.
 

Note

  • If a user and their profile are configured with two separate IPs, then the user can log in from both IPs.
  • When a user is suspended or deleted, their configuration is removed from the CRM.
  • You can find the login history of users under Settings > User Management > Login History.
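
A pre-flight check for the Login IPs rules described above, added here as an illustration (not Vtiger code): it replays a constructed login history against planned Static IP and IP Range entries so an admin can see who would be refused before saving. The rule layout, user names, roles and addresses are assumptions, and combining a user's own entry with their role's entry is an assumed reading of the first note above.

```python
import ipaddress

# Constructed sample rules mirroring the Login IPs form fields (IP Type,
# addresses, Type, Users/Roles). All names and addresses are made up.
RULES = [
    {"ip_type": "Static IP", "values": ["203.0.113.10", "203.0.113.11"],
     "type": "Users", "members": ["alice"]},
    {"ip_type": "IP Range", "values": ["198.51.100.0/24"],
     "type": "Roles", "members": ["Sales Manager"]},
]

# Constructed login history: (user, role, source IP).
HISTORY = [
    ("alice", "Sales Manager", "203.0.113.10"),   # matches alice's static IP
    ("alice", "Sales Manager", "198.51.100.77"),  # matches her role's range
    ("alice", "Sales Manager", "192.0.2.5"),      # matches neither entry
    ("bob", "Support Agent", "192.0.2.5"),        # no entry names bob
]


def rule_networks(rule):
    """Parse one rule's entries; raises ValueError on a malformed entry."""
    nets = []
    for value in rule["values"]:
        if rule["ip_type"] == "Static IP":
            # ip_address() rejects a CIDR typed into the static field.
            nets.append(ipaddress.ip_network(str(ipaddress.ip_address(value))))
        else:
            # strict=True rejects host bits set, e.g. 198.51.100.7/24.
            nets.append(ipaddress.ip_network(value, strict=True))
    return nets


def check_login(user, role, source_ip, rules=RULES):
    """Return 'allowed', 'blocked' or 'no_rule' for one login attempt."""
    ip = ipaddress.ip_address(source_ip)
    applicable = [r for r in rules
                  if (r["type"] == "Users" and user in r["members"])
                  or (r["type"] == "Roles" and role in r["members"])]
    if not applicable:
        return "no_rule"  # nothing configured for this user or role
    # Union of user and role entries: any matching network is enough.
    hit = any(ip in net for r in applicable for net in rule_networks(r))
    return "allowed" if hit else "blocked"


def dry_run(history, rules=RULES):
    """Return the past logins that the planned rules would have refused."""
    return [h for h in history if check_login(*h, rules=rules) == "blocked"]
```

Feeding `dry_run` an export of real entries from Settings > User Management > Login History shows which existing users a new rule would refuse; what the CRM does for a `no_rule` user is not modelled here.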
© Copyright 2023 Vtiger. All rights reserved.