In this article, we walk you through how administrators authenticate to the Cloudi-Fi Admin Console. The authentication process ensures that only authorized users can access and manage the system.
1. Account Types for Administrators
When configuring authentication for administrators in the Cloudi-Fi Admin Console, two main account types are typically used: Local Accounts and SAML-based Accounts.
Local Accounts
A Local Account is an account that is created and managed directly within the Cloudi-Fi Admin Console. Administrators authenticate with a username (often an email address) and a password stored in the Cloudi-Fi system.
See: How to create a new administrator account?
Authentication through SAML (Security Assertion Markup Language)
SAML is an authentication protocol that allows an organization to use Single Sign-On (SSO) and external identity providers for authentication purposes. Instead of managing passwords locally, Cloudi-Fi delegates authentication to a trusted identity provider (IdP), such as Okta, Azure AD, or Google.
How SAML Authentication Works
- 1/ Administrator attempts to log in: When the admin clicks to access the Cloudi-Fi Admin Console, they are redirected to the organization's identity provider (IdP).
- 2/ Identity provider authenticates the admin: The IdP prompts the admin to provide login credentials (or uses an existing SSO session).
- 3/ Authentication token is sent back: Upon successful authentication, the IdP sends a SAML token back to the Cloudi-Fi system, containing the user's identity and role.
- 4/ Access granted: Based on the token, Cloudi-Fi grants the administrator access to the relevant features.
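The checks a service provider applies to the token in steps 3 and 4, as an added example (not Cloudi-Fi's code). The issuer, audience, user and the `role` attribute name are constructed for illustration, and the assertion's signature is assumed to have been verified beforehand by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: issuer, audience, user and the "role"
# attribute name are assumptions, not values used by Cloudi-Fi.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/admin</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>read-only</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, issuer, audience, now=None):
    """Return (name_id, role) or raise ValueError. Covers the claim checks
    only; the XML signature must already have been verified."""
    now = now or datetime.now(timezone.utc)
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("assertion comes from an unexpected IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing validity conditions")  # stricter than the spec
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    allowed = cond.findall("saml:AudienceRestriction/saml:Audience", NS)
    if audience not in [e.text for e in allowed]:
        raise ValueError("assertion was issued for another service")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    role = a.findtext(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue",
        namespaces=NS)
    if not name_id or not role:
        raise ValueError("identity or role missing from assertion")
    return name_id, role
```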
Features of SAML Authentication
- Single Sign-On (SSO): Once logged in, admins can access multiple connected applications without needing to re-enter their credentials.
- Centralized User Management: User identities and credentials are managed externally by the IdP.
- Multi-Factor Authentication (MFA): The IdP can enforce MFA policies to provide an additional layer of security for administrators.
See:
- How to set up SAML authentication for your Administrators with Azure?
- How to set up SAML authentication for your Administrators with OneLogin?
- How to set up SAML authentication for your Administrators with Okta?
- How to set up SAML authentication for your Administrators with Google?
- How to set up SAML authentication for your Administrators with AD FS?
2. Password Policies
If your organization is using Local Accounts, enforcing a strong password policy is critical for security.
Cloudi-Fi's admin security policies are adaptable, allowing you to define custom password policies for each admin profile. You can configure:
- Password complexity requirements (e.g., length, character types and symbols).
- Expiration rules for periodic password changes.
- Role-specific rules that align with different admin responsibilities.
Below are the elements of a new password policy:
- State: enabled or disabled.
- Profile: The policy will be applied to the Admin Profiles you choose here.
- Expiration period: Choose how often administrators will be requested to change their password - from 7 days to 1 year.
- Password Length: Choose the length of your password, minimum 6 characters.
- Alphabetical characters: Force the password to include alphabetical characters, either lowercase or uppercase (e.g., a-z or A-Z).
- Uppercase and lowercase letters: Force the password to include uppercase AND lowercase letters (e.g., A, a).
- Digits: Force the password to include numbers (e.g., 0-9).
- Special characters: Force the password to include special characters (e.g., @, #, $, !).
- Different from last: The password must be different from previous passwords for the same admin.
- Previous password to remember: How many previous passwords the policy should consider.
- Two-Factor Authentication (2FA): 2FA should be enabled to add an extra layer of security. After entering their password, admins receive a one-time code via SMS. If you enable 2FA, ensure that a phone number is added for each administrator so that the code can be delivered.
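How the policy elements above combine when a new password is evaluated, as an added example (not Cloudi-Fi's implementation). The field names are hypothetical, and the password history is assumed to be stored as salted PBKDF2 records.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the policy elements listed above.
    min_length: int = 12
    require_alpha: bool = True
    require_mixed_case: bool = True
    require_digit: bool = True
    require_special: bool = True
    remember_previous: int = 5   # 0 disables the "different from last" check

def hash_password(password, salt=None):
    """Salted PBKDF2 record, so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(policy, candidate, history=()):
    """Return the rules `candidate` breaks; history is newest-first (salt, digest)."""
    found = []
    if len(candidate) < max(policy.min_length, 6):  # 6 is the floor stated above
        found.append("too short")
    if policy.require_alpha and not any(c.isalpha() for c in candidate):
        found.append("no alphabetical character")
    if policy.require_mixed_case and not (
        any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
    ):
        found.append("needs uppercase and lowercase")
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        found.append("no digit")
    if policy.require_special and not any(c in string.punctuation for c in candidate):
        found.append("no special character")
    # Re-hash the candidate under each stored salt; only digests are compared.
    for salt, digest in list(history)[: policy.remember_previous]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            found.append("matches a remembered password")
            break
    return found

# The loosest policy the listed options allow: six characters, nothing else.
LOOSEST = PasswordPolicy(6, False, False, False, False, 0)
```

Under `LOOSEST`, a password such as `123456` passes every check, which is why the complexity and history options are worth enabling for each admin profile.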
3. Audit Logs
Audit logs are essential for tracking activities within the Cloudi-Fi Admin Console. They help maintain transparency, detect suspicious behavior, and ensure compliance with security policies.
Key Events Captured in Audit Logs
Audit logs track a wide range of events related to admin activities, such as:
- Login and Logout Events: Track login attempts, including timestamps and the IP address of the admin.
- Account Changes: Creation, modification, or deletion of administrator accounts; role or permission changes; password resets or changes.
- Configuration Changes: Any adjustments to settings, such as location configuration updates, password policy updates, and SAML configurations.
- Data Access and Modifications: Track whenever visitor data is accessed or modified by an administrator.
- ...
Retention of Audit Logs:
Audit logs are retained for the entire duration of your subscription to meet compliance standards.
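A review pass over the event types listed above, as an added example (not a Cloudi-Fi tool). The JSON-lines layout, field names and event names are assumptions made for this example, and the sample records are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Field and event names are assumptions for this
# example, not the Cloudi-Fi audit log schema.
SAMPLE_LOG = """
{"ts": "2024-05-01T09:00:00", "admin": "alice@example.org", "ip": "198.51.100.7", "event": "login_success"}
{"ts": "2024-05-01T09:05:00", "admin": "alice@example.org", "ip": "198.51.100.7", "event": "location_update"}
{"ts": "2024-05-02T02:10:00", "admin": "alice@example.org", "ip": "203.0.113.9", "event": "login_failure"}
{"ts": "2024-05-02T02:10:20", "admin": "alice@example.org", "ip": "203.0.113.9", "event": "login_failure"}
{"ts": "2024-05-02T02:10:45", "admin": "alice@example.org", "ip": "203.0.113.9", "event": "login_failure"}
{"ts": "2024-05-02T02:11:30", "admin": "alice@example.org", "ip": "203.0.113.9", "event": "login_success"}
{"ts": "2024-05-02T02:13:00", "admin": "alice@example.org", "ip": "203.0.113.9", "event": "password_policy_update"}
"""
SENSITIVE = {"password_policy_update", "saml_config_update", "admin_role_change"}

def triage(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return (timestamp, admin, reason) tuples worth a reviewer's attention."""
    failures = defaultdict(deque)  # (admin, ip) -> failure times inside window
    known_ips = defaultdict(set)   # admin -> IPs with a successful login
    new_ips = set()                # (admin, ip) first seen after another IP
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])
        admin, ip, event = rec["admin"], rec["ip"], rec["event"]
        recent = failures[(admin, ip)]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if event == "login_failure":
            recent.append(ts)
        elif event == "login_success":
            if len(recent) >= max_failures:
                findings.append((rec["ts"], admin, "login succeeded after repeated failures"))
            if known_ips[admin] and ip not in known_ips[admin]:
                new_ips.add((admin, ip))
            known_ips[admin].add(ip)
            recent.clear()
        elif event in SENSITIVE and (admin, ip) in new_ips:
            findings.append((rec["ts"], admin, f"{event} from previously unseen IP"))
    return findings
```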
What's next
If you have any questions about administrator authentication, please refer to our support documentation or contact our support team.