Login

The login area is essential for the authentication of users inside the system.

On this page, it is possible for any user to redefine their password (by clicking the link Forgot your password?).

login

To change the password, you must type your user login. The system will then send a message to the email address subscribed when the user was registered on the Platform.

reset password

When you click on Send me reset password instructions, the screen will show a confirmation message. If the email is not received within a few minutes, a new one might be sent using the link Try again.

reset password

The email with instructions will contain a link to redirect the user to the password change screen. Pay attention to these details:

  • The code sent by email will be valid for 2 hours after the delivery is confirmed.

  • If the user has requested more than one redefinition password code, the last one will be the only valid one.

change password

After you insert the new password and request the change, you will be redirected to the login page, where you can access the system with your new password.

Multi-Factor Authentication

When multi-factor authentication (MFA) for users is active, all registered users will be redirected to the MFA flow screen. This flow comprises some steps:

i) authentication of user and password on the Platform;

ii) acquisition of the MFA key; and

iii) MFA key authentication.

  1. The first step of user validation will always occur, regardless of the MFA flow being active or not, and it happens right on the initial login screen. Now, the second step demands that the user has installed in their mobile device (smartphone, tablet, etc.) the application that will read the MFA key and deliver valid authentication tokens when necessary.
    mfa download app

  2. The QR-Code check for token generation creates a key randomly and shows this key only once.
    mfa scan secret

  3. After reading the QR code, the app on your mobile device will generate codes that must be inserted on the Additional Security Verification field to go through with the user’s authentication. In case there are problems with the authentication app or the device is lost, the user will be able to request a validation token via email (the same email registered for the user inside the Platform). After the code is successfully verified, the user will be redirected to the home page of the API Manager.
    mfa insert token
    mfa success

SAML Connection

Once a connection with an external identity provider has been activated (which is done on the Integrations screen), the Manager login screen will change:

login

Upon clicking the button SIGN IN, the users will be taken to the login screen of the chosen identity provider and must enter their credentials for access. Users who had been registered on the Manager before the connection was active will no longer be able to log in using the username and password from the Manager, only their credentials from the identity provider.

New users that log in through the external provider will automatically be added to the Manager’s user list. If the SAML connection is disabled at any time, the users created automatically will not be deleted. However, their access to the Manager will be blocked until they create a password — which can be done through the link Forgot your password? on the login screen. Users who had already registered a password before the SAML connection was active will also be blocked from logging in until they reset their password through the same link. See more about the control of users from third-party identity providers here.

Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]