In this article, we will walk you through the process of authenticating administrators to the Cloudi-Fi Admin Console. The authentication process ensures only authorized users can access and manage the system.
1. Account Types for Administrators
When configuring authentication for administrators in the Cloudi-Fi Admin Console, two main account types are typically used: Local Accounts and SAML-based Accounts.
Local Accounts
A Local Account is an account that is created and managed directly within the Cloudi-Fi Admin Console. Administrators authenticate with a username (often an email address) and a password stored in the Cloudi-Fi system.
See: How to create a new administrator account?
Authentication through SAML (Security Assertion Markup Language)
SAML is an authentication protocol that allows an organization to use Single Sign-On (SSO) and external identity providers for authentication purposes. Instead of managing passwords locally, Cloudi-Fi delegates authentication to a trusted identity provider (IdP), such as Okta, Azure AD, or Google.
How SAML Authentication Works
- 1/ Administrator attempts to log in: When the admin clicks to access Cloudi-Fi Admin Console, they are redirected to the organization's identity provider (IdP).
- 2/ Identity provider authenticates the admin: The IdP prompts the admin to provide login credentials (or uses existing SSO sessions).
- 3/ Authentication token is sent back: Upon successful authentication, the IdP sends a SAML token back to the Cloudi-Fi system, containing the user's identity and role.
- 4/ Access granted: Based on the token, Cloudi-Fi grants the administrator access to the relevant features.
Features of SAML Authentication
- Single Sign-On (SSO): Once logged in, admins can access multiple connected applications without needing to re-enter their credentials.
- Centralized User Management: User identities and credentials are managed externally by the IdP.
- Multi-Factor Authentication (MFA): The IdP can enforce MFA policies to provide an additional layer of security for administrators.
See:
- How to set up SAML authentication for your Administrators with Azure?
- How to set up SAML authentication for your Administrators with OneLogin?
- How to set up SAML authentication for your Administrators with Okta?
- How to set up SAML authentication for your Administrators with Google?
- How to set up SAML authentication for your Administrators with AD FS?
2. Password Policy
If your organization is using Local Accounts, enforcing a strong password policy is critical for security. Below are the typical elements of a secure password policy:
- Password validity period: Administrators will be requested to change their password after this time period.
- Password Length and Complexity:
  - Minimum Length: Passwords should be at least 6 characters.
  - Character Mix: Passwords should include:
    - Alpha characters: any alphabetic character, upper OR lower case (a-zA-Z)
    - Uppercase and lowercase letters (e.g., A, a)
    - Numeric characters (e.g., 0-9)
    - Special characters (e.g., @, #, $, !)
- Has to be different from last: The new password must differ from the previous passwords, up to the password history count selected below.
- Previous password count to remember: The number of previous passwords kept in history to make sure the administrator chooses a new password.
- Two-Factor Authentication (2FA): 2FA should be enabled to add an extra layer of security. After entering their password, admins receive a one-time code (via SMS). If you enable 2FA, ensure that a phone number is added for each administrator to allow for authentication.
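As an added illustration (not Cloudi-Fi's own code), the following Python example checks a candidate password against the settings listed above. The `Policy` field names, the history and validity values, and the storage of password history as salted PBKDF2 hashes are assumptions.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:  # hypothetical field names, one per setting listed above
    min_length: int = 6              # minimum stated on this page
    require_alpha: bool = True       # any letter, upper OR lower case
    require_mixed_case: bool = True  # both an uppercase and a lowercase letter
    require_digit: bool = True
    require_special: bool = True
    history_count: int = 3           # constructed value
    validity_days: int = 90          # constructed value

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: history is stored as salted PBKDF2 hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def violations(password: str, policy: Policy, history: list) -> list:
    """Return the rules broken; history is [(salt, hash), ...], newest first."""
    has = lambda chars: any(c in chars for c in password)
    found = []
    if len(password) < policy.min_length:
        found.append("length")
    if policy.require_alpha and not has(string.ascii_letters):
        found.append("alpha")
    if policy.require_mixed_case and not (
            has(string.ascii_lowercase) and has(string.ascii_uppercase)):
        found.append("mixed_case")
    if policy.require_digit and not has(string.digits):
        found.append("digit")
    if policy.require_special and not has(string.punctuation):
        found.append("special")
    # Compare only against the remembered window, in constant time.
    for salt, old_hash in history[:policy.history_count]:
        if hmac.compare_digest(hash_password(password, salt), old_hash):
            found.append("reused")
            break
    return found

def is_expired(last_changed: datetime, policy: Policy, now: datetime) -> bool:
    return now - last_changed >= timedelta(days=policy.validity_days)

if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample history with one entry
    history = [(salt, hash_password("Old#Pass1", salt))]
    print(violations("abc", Policy(), history))
    print(violations("Old#Pass1", Policy(), history))
    print(is_expired(datetime(2024, 1, 1), Policy(), datetime(2024, 6, 1)))
```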
3. Audit Logs
Audit logs are essential for tracking activities within the Cloudi-Fi Admin Console. They help maintain transparency, detect suspicious behavior, and ensure compliance with security policies.
Key Events Captured in Audit Logs
Audit logs track a wide range of events related to admin activities, such as:
- Login and Logout Events: Track login attempts, including timestamps and the IP address of the admin.
- Account Changes: Creation, modification, or deletion of administrator accounts; role or permission changes; password resets or changes.
- Configuration Changes: Any adjustments to settings, such as location configuration updates, password policy updates, and SAML configurations.
- Data Access and Modifications: Track whenever visitor data is accessed or modified by an administrator.
- ...
Retention of Audit Logs:
Audit logs are retained for the entire duration of your subscription to meet compliance standards.
What's next
If you have any questions about administrator authentication, please refer to our support documentation or contact our support team.