Logging In
Login Methods
The available login methods for a user depends on the system configuration, the selection of service and provider on the UDMG Admin UI login page, and the user login method. UDMG provides the following login methods:
- Local database authentication
- For local database authentication, the user can be configured with either Standard or Standard/Authenticator App (TOTP).
- LDAP authentication
- For LDAP authentication, it is possible that the user doesn't exist in UDMG yet. In this case, the user is created as read-only after the LDAP authentication and granted access. The intervention of an administrator user is needed.
- Single Sign-On (SSO) authentication
- For SSO authentication, the user must exist on UDMG with an email value that is known by the SSO Identity Provider.
Any attempt by a user to use either the Local or LDAP authentication with an invalid username or password receives the following error:
Invalid credentials.
The errors during SSO authentication are reported either directly on the SSO Identity Provider login page or with the error.
Authentication Error.
Standard Login
The UDMG Admin UI login page displays automatically when the UDMG Admin UI system and correct URL browser are brought up.
The standard login URL is http(s)://<server:port>/auth/login (or simply, http(s)://<server:port>/).
All Local accounts and LDAP-authenticated accounts authenticate through the below standard login page.
Service | The UDMG service to connect to. |
---|---|
Provider | The authentication method to use for this service. The "local" provider is always enabled. See Authentication Methods for additional information. |
Username | The user's username. The default login username is admin. |
Password | The user's password. |
Changing Your Password
Note
Changing a user's password is not applicable to users that log in using LDAP or SSO authentication.
To change a user's password at any time after logging in:
Step 1 | On the User Task Bar in the top right, click the Users Name (i.e., admin)button to display a drop-down list of user actions. |
---|---|
Step 2 | Click the Change Password from the drop-down list. The Change Password dialog box pops up. |
Step 3 | Enter the Current Password, a New Password, and the reentered Confirm Password. |
Step 4 | Click the Save changes button. |
Changing a user's password is also possible with the following methods:
- with the UDMG command line.
- within the Users Management page, which is only accessible to users with the appropriate administrative access permission.
Single Sign-On Login
If the Identity Provider is Single Sign-On authentication, then the username and password fields are not displayed. The user must click the Next button to open the Sign In page from the Identity Provider.
Standard/Authenticator App (TOTP)
UDMG Admin UI supports the use of an Authenticator App for standard login accounts.
A user configured for Standard / Authenticator App (TOTP) as a login method must set up their UDMG account in their authenticator app during their initial login.
To set a user's authentication:
Step 1 | During the initial login, an enrollment page is presented to the user assuming they authenticated successfully using their username and password. Scan QR code. |
---|---|
Step 2 | Click the Manual button for the manual setup process. |
Step 3 | Enter the time-based one-time password (TOTP) text box to login to the UDMG Admin UI. |
Step 4 | Once the code is validated, the enrollment is considered complete. Click the Go to main page button to proceed to the application or wait for the automatic redirection after 5 seconds. |
After the initial enrollment, the user only has to enter the TOTP after authenticating successfully using their username and password.
Note
The Issuer, which the Authenticator App uses for identifying the account in the app, appears as GatewayName@udmg.stonebranch.com. GatewayName is defined in the UDMG Server configuration file.
Once a user has successfully logged into the application using their Authenticator App two-factor authentication, a TOTP code is required to restore an expired session from the Session Expired login prompt.
Logging Out
To log out of a user's UDMG Admin UI session:
Step 1 | On the User Task Bar in the top right, click the Users Name (i.e., admin) button to display a drop-down list of user actions. |
---|---|
Step 2 | Click Logout. The user is logged out of the session, and the UDMG Admin UI login page displays. |
Exiting without Logging Out
As a best practice, we recommend that a user always ends their UDMG Admin UI session by logging out before closing the browser or navigating away from the user interface.
The session is logged out after 5 minutes of inactivity.
User Sessions
Note
The 'Administration Write' permission is required for listing and cancelling sessions.
To display a list of currently authenticated user sessions (logged-in users):
Step 1 | On the User Task Bar in the top right, click the Users Name (i.e., admin) button to display a drop-down list of user actions. |
---|---|
Step 2 | Click User Sessions to display the User Sessions list of currently authenticated user sessions. |
Step 3 | Click the Cancel Session button to expire the user session. The user is logged out. |
For each logged-in user, the User Sessions list provides the following columns of information:
Column | Description |
---|---|
Session Id | Unique Id of the session. It can be used for terminating the session by CLI or REST API. |
User | Username of the user. |
Remote Address | Address of the machine from where the user logged in. |
Creation Time | Date and time that the user initially logged in; in other words, when the user session was created. |
Last Accessed Time | Last date and time that the client (browser) sent a request associated with the user session. |