Logging In


Login Methods

UDMG provides the following login methods:

  • Local database authentication
  • LDAP
  • Single Sign-On (SSO)

The available login methods for a user depend on the system configuration, on the selection of service and provider on the UDMG Admin UI login page, and the user login method.

For local authentication, the user can be configured with either Standard or Standard/Authenticator App (TOTP).

For SSO authentication, the user must exist on UDMG with the email value that is known by the SSO Identity Provider.

For LDAP authentication, it is possible that the user does not exist yet in UDMG. In that case, it will be created as read-only after the LDAP authentication and granted access. To acquire more privileges, the intervention of an administrator user will be needed.


Any attempt by a user to use either the Local or LDAP authentication with an invalid username or password will receive the following error: 

Invalid credentials.

Error during SSO authentication are reported either directly on the SSO Identity Provider login page or with the error

Authentication Error.

Standard Login

The UDMG Admin UI Login page displays automatically when you bring up the UDMG Admin UI system and browse to its URL.

The Standard login URL is: http(s)://<server:port>/auth/login (or simply, http(s)://<server:port>/).

All Local accounts and LDAP-authenticated accounts authenticate through this standard login page.
 


 

Service

The UDMG service to connect to.
It defines the target environment and the available authentication methods.
The service names and parameters are configured with UDMG Authentication Proxy.

Provider

The authentication method to use for this service.

"local" is always enabled.
The available providers for a service are  configured with UDMG Authentication Proxy.

See Authentication Methods.

Username

The default login Username is admin.

Password

The user password.

Changing Your Password

Note

Changing your password is not applicable to users that log in using LDAP or SSO authentication.


To change your password at any time after you have logged in:

Step 1

On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions.
 

Step  2

Click Change Password. The Change Password dialog pops up.
 

Step 3

Enter your Current Password and a New Password, and reenter your new password in Confirm New Password.

Step 4

Click the Save button.

Changing password is also possible with the following methods

  • with the UDMG command line
  • with the Users management page that is only accessible to users with the appropriate administrative access permission 

Single Sign-On Login

In case the Provider is a Single Sign-On authentication, then the username and password field are not shown and clicking on the next button will open the Sign In page from the identity provider.

Standard/Authenticator App (TOTP)

UDMG Admin UI supports the use of an Authenticator App for standard login accounts.

A user configured for Standard / Authenticator App (TOTP) as a Login Method must setup their UDMG account in their authenticator app during their initial login.

During the initial login, an enrollment page will be presented to the user assuming they authenticated successfully using their username and password:

You can switch to setup manually by clicking the Manual button:

Next, the user will be prompted to enter their Time-based one-time password (TOTP) to login to the UDMG Admin UI

Once the code is validated, the enrollment is completed and the user can proceed to the application by clicking on Go to dashboard

After the initial enrollment, you will only have to enter the Time-based one-time password (TOTP) after authenticated successfully using your username and password.

Note

The Issuer, which the authenticator app uses for identifying the account in the app, will appear as GatewayName@udmg.stonebranch.com where GatewayName is defined in the UDMG Server configuration file.

Once a user has successfully logged into the application using their Authenticator App two-factor authentication, a TOTP code will not be required to restore an expired session from the Session Expired login prompt.

Logging Out

To log out of your UDMG Admin UI session:

Step 1

On the User Task Bar, click the User Actions drop-down list arrow to display a menu of user actions.
 

Step  2

Click Logout. You are logged out of this session, and the UDMG Admin UI Login page displays.
 

Exiting without Logging Out

As a best practice, we recommend that you always end your UDMG Admin UI session by logging out before closing the browser or navigating away from the user interface.

The session will be logged out after 5 minutes of inactivity.


User Sessions


Note

This action requires the 'administration write' permission.

To display a list of currently authenticated user sessions (logged in users):

Step 1

On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions.
 

Step 2

Click User Sessions to display the User Sessions list of currently authenticated user sessions.
 

For each logged in user, the User Sessions list provides the following columns of information:

Column

Description

Session IdUnique Id of the session. It can be used for terminating the session by CLI or REST API.

User

Username of the user.

Remote Address

Address of the machine from where the user logged in.

Creation Time

Date and time that the user initially logged in; in other words, when the user session was created.

Last Accessed Time

Last date and time that the client (browser) sent a request associated with this user session.

From the Users Sessions list, you can:

  • Expire the user session of a user by clicking on the Cancel Session button. The user will be logged out.