Home  >   Articles   >  User Management - Authentication
Articles in this section

User Management - Authentication

Authenticate every user’s Login method, Password Policy, and Logout Policy to preserve security.
R
Ruba
30 Nov, 2023 - Updated 11 months ago
Table of Contents

Introduction 

Did you know you can set up login, logout, and password policies for users?

 

Yes, you heard that right! If you want users to adopt a certain login method, not log in after a certain time, reset their password after a fixed period, etc., you can control that.

The provision of specifying your own login, logout, and password policies gives you the benefit of customization. 

Read on to learn how.
 

Feature Availability

 

Sales Starter

Sales Professional

Sales Enterprise

All-in-One Professional

All-in-One Enterprise

Feature Availability

SAML-based login

-

-

Login Hours

-

-

-

Authorization of Login IPs

 

-

 

-

 

 

-

 

 

Note: SAML-based login is also available on Help Desk Enterprise. 

 

Login Methods

Vtiger CRM provides the following login methods: 

  • Password - Users must enter their Vtiger email address and password to log in.
  • Single Sign-on (SSO) - Users can log in via their Google, LinkedIn, Office 365, Facebook, or Twitter credentials.
  • Two-factor authentication - Users must go through two identification checks to log in:
  1. Enter the username and password 
  2. Enter the code sent to their email address/phone number
  • Security Assertion Markup Language (SAML) - Users can use the credentials of a SAML-based IDP to log in. To learn more about SAML-based login, click here.
 

Follow these steps to choose one or more login methods: 

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login Method section.
  8. Enable the checkbox for whichever login method you want to use.
    • SAML-based login requires you to fill in some details. To learn how to set it up, click here.
  9. Click Save
 

Choose how to log a user’s location details with User location logging.


Country is the default selection. If you choose Locality, the browser prompts the user for permission to use their location.

  • If the user allows permission, then their locality, city, state, and country details are stored during each session.
  • If the user denies permission, then only country details are stored.

Login Hours

Admins can control when users can log in to the CRM based on their business hours.

 

Follow these steps to configure login hours:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login Hours section.
  8. Click +Add.
  9. Select a user from the Roles/Users column.
  10. Select the login hours from the Login Hours column.
    • Login hours are based on the business hours set up by you. To learn more about setting up Business Hours in Vtiger CRM, click here.
  11. Click Save.
 

What happens if a user is already logged in when their login hours end

  • A timer starts 15 minutes before the user’s login hours end.
  • After the login hours end, 
    • The user continues to see the current page but cannot perform any actions or navigate to another page.
    • The user cannot update records via Web Services or the Vtiger mobile app (Vtiger 360).
  • If the user is on a phone call and their login hours end, then the phone call record is not created.
  • A warning is shown when a user tries to log in beyond their login hours. 
 

Password Reset Policy

You can manage the following with the password reset policy:

  • Password reset frequency
    1. Use this option to select how frequently users must change their password. 
    2. You can set a frequency of 1 month, 3 months, 6 months, or 12 months. 
    3. An email is sent to users requesting them to change their password when the frequency is met.
 

Follow these steps to set up the password reset policy:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Password Reset Frequency section.
  8. Select the frequency from the Password Reset Frequency dropdown.
  9. Click Save.
 
  • Allow old passwords: Choose whether users can reuse old passwords. 
 

Follow these steps to set up the password reset policy:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Password Reset Policy section.
  8. Enable the Allow Old Passwords checkbox to allow reusing old passwords, disable it otherwise.
  9. Click Save.
 

Tip: It is recommended that you do not reuse an old password as it may cause a security risk.

Logout Policy

 Here’s what you can control with the logout policy:

  • Inactive session logout interval - Specify the period after which a user must be logged out automatically if there is no activity. 

Follow these steps to specify the logout time interval:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Logout Policy section.
  8. Select the time after which a user must be logged out from the Inactive Session Logout Interval dropdown.
  9. Click Save.

Users are logged out of their sessions after the specified period irrespective of what device the session is running on.

 
  • Concurrent session limit - Set up the number of active user sessions that can exist simultaneously. 

Follow these steps to specify the number of active concurrent sessions:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Logout Policy section.
  8. Select a number from the Concurrent Session Limit dropdown.
  9. Click Save.
 

A user can have a maximum of 4 concurrent sessions. Here are the different combinations allowed: 

  • 2 web browser and 2 mobile sessions
  • 2 web browser and 2 tablet sessions
  • 2 web browser, 1 mobile, and 1 tablet sessions
 

When you set the active session limit to 3, then a user can log in using one of the following combinations:

  • 2 web browser sessions, 1 mobile or 1 tablet session
  • 2 mobile sessions, 1 web browser or 1 tablet session
  • 2 tablet sessions, 1 mobile or 1 web browser session 
 

Note: When you try to log in beyond the active session limit, you receive the following alert:

 
  1. Click the Sign Out button to sign out of a current session. 
    • You can also click Sign out of all active sessions.
  2. Click Try to sign in again.

Login IPs

You can control a user’s login activity by specifying the IP address or a range of IP addresses from where they can log in. Users can log in only from authorized IP addresses. 

Login IP addresses can be authorized for users or roles. 

 

Follow these steps to authorize IP address for users:

  1. Log in to your CRM account.
  2. Click the User Menu on the top right corner of the CRM screen.
  3. Click Settings.
  4. Look for the User Management section.
  5. Select Authentication.
  6. Click the Edit icon on the top right corner of the page.
  7. Go to the Login IPs section.
  8. Click +Add.
  9. Select the IP TypeStatic IP or IP Range.
    •  Static IP: Click inside the Static IPs text area and type the IP addresses.
    •  IP Range: Click inside the Network IP/CIDR text area and type the IP address range.
  10. Select Users or Roles from Type. This specifies who can log in using the IP addresses entered in the previous step.
    • Users: Pick the users from the Users dropdown. To learn more about Users in Vtiger CRM, click here.
    • Roles: Pick the roles from the Roles dropdown. To learn more about Roles in Vtiger CRM, click here.
  11. Enable the Restrict Mobile Access toggle button to restrict access from mobile devices to the specified IP addresses. 
  12. Click Save to save the login IP configuration. 
  13. Click Save to save the changes made to the Authentication set up.
 

Here are the warning messages that you see when users try to Login IP rules:

  • When a user tries to log in from an unauthorized IP address.
  • When mobile access is restricted and the user tries to log in from a mobile device.
 

Note

  • If a user and their profile are configured with two separate IPs, then the user can log in from both the IPs.
  • When a user is suspended or deleted, their configuration is removed from the CRM.
  • You can find the login history of users under Settings > User Management > Login History.
Was this article helpful?
2  out of  3  found this helpful.
Comments 0
Be the first to comment
© Copyright 2023 Vtiger. All rights reserved.