Only an Administrator can enable and configure TBA.
With Token Based Access (TBA) you can enforce that users can only log in after they have used the activation link in the Token access email that they have received.
In this way you enforce an extra check on the identity of a user and create a higher security level.
A Token can be used at various levels and it is also possible to (partially) configure the validity of a Token.
Method
When a user with activated TBA tries to log in, he/she will get a request to activate a token.
They will have to select 'Office', 'Home' or 'On the Road'; this will affect the validity of the TBA.
When the user selects the token for 'Home', this token will stay valid for 24 hours.
When the user wants to log in to the Carerix application from an unknown IP, he/she will receive the request to activate a token.
TBA uses cookies; make sure that these are allowed in your browser.
Log in as Administrator
Go to 'Maintenance' | 'Settings'
Block 'Token Based Access'
Activate Token Based Access
tbaRequired
Options: YES or NO
NO: whether TBA will be enforced depends on the user settings
YES: TBA will be enforced, regardless of the user settings
If tbaRequired is enabled (YES), there are four more options to set up.
These options are the same as a number of the options used to set up TBA per user; however, having tbaRequired enabled means that the settings apply to all users in the system (including administrators!).
ipBasedAccess
Options: YES or NO
NO: There will be no restriction on IP-address. With a valid token a user can log on from any location.
YES: a user can access your Carerix application only from the IP addresses specified in the IP access field.
workTokenAllowed
Options: YES or NO
NO: users cannot create/request a work token with the related validity settings.
YES: users can create/request a work token with the related validity settings.
homeTokenAllowed
Options: YES or NO
NO: users cannot create/request a home token with the related validity settings.
YES: users can create/request a home token with the related validity settings.
roadTokenAllowed
Options: YES or NO
NO: users cannot create/request an on-the-road token with the related validity settings (always one-time use).
YES: users can create/request an on-the-road token with the related validity settings (always one-time use).
Please note:
Make sure that you have the right combination of settings if you want to work with generically forced Token Based Access. Wrongly configured TBA settings may result in locking yourself out of your Carerix. Make sure that it is always possible to create/request at least one type of token and, in case IP restriction is enabled, that a known IP address is added to the IP access field.
homeTokenPeriod
Options: 1month, 2months, 3months, etc.
In this field you will be able to set the validity of a token.
When the validity time has expired the user will receive a request to activate a new token.
Important: When the homeTokenPeriod field does not contain a value, the value of 1month will be used.
activatedTokenWorkPeriod
Options: 1month, 2months, 3months, etc.
In this field you will be able to set the validity of a workplace token.
When the validity time has expired the user will receive a request to activate a new token.
Important: When the activatedTokenWorkPeriod field does not contain a value, the workplace token will have unlimited validity.
The 'On the Road' token is "one-time only".
Every new session needs a token activation.
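The lock-out conditions from the 'Please note' warning and the period defaults described above can be checked before a configuration is saved. The following is an added example, not Carerix code: it assumes the settings have been copied by hand into a dictionary keyed by the setting names on this page, and the key `ipAccess` (standing for the IP access field) and the function names are hypothetical.

```python
import re

TOKEN_FLAGS = ("workTokenAllowed", "homeTokenAllowed", "roadTokenAllowed")
PERIOD_RE = re.compile(r"^(\d+)months?$")  # matches 1month, 2months, 3months, ...


def parse_period(value, default):
    """Return validity in months; `default` applies when the field is empty."""
    if value is None or not value.strip():
        return default
    match = PERIOD_RE.match(value.strip())
    if not match:
        raise ValueError(f"unrecognised period: {value!r}")
    return int(match.group(1))


def check_tba(settings):
    """Return (findings, effective periods) for a system-wide TBA configuration."""
    def yes(key):
        return str(settings.get(key, "NO")).upper() == "YES"

    findings = []
    if yes("tbaRequired"):
        # Forced TBA applies to all users, administrators included.
        if not any(yes(flag) for flag in TOKEN_FLAGS):
            findings.append("LOCKOUT: tbaRequired=YES but no token type can be requested")
        # "ipAccess" is an assumed key name for the IP access field.
        if yes("ipBasedAccess") and not (settings.get("ipAccess") or "").strip():
            findings.append("LOCKOUT: ipBasedAccess=YES but the IP access field is empty")
    # Defaults stated on the page: empty home period -> 1 month,
    # empty work period -> unlimited (represented here as None).
    periods = {
        "home": parse_period(settings.get("homeTokenPeriod"), 1),
        "work": parse_period(settings.get("activatedTokenWorkPeriod"), None),
    }
    if yes("workTokenAllowed") and periods["work"] is None:
        findings.append("REVIEW: work token never expires (activatedTokenWorkPeriod empty)")
    return findings, periods


# Constructed sample settings, not exported from a real Carerix instance.
RISKY = {"tbaRequired": "YES", "ipBasedAccess": "YES", "ipAccess": "",
         "workTokenAllowed": "NO", "homeTokenAllowed": "NO", "roadTokenAllowed": "NO"}
SAFE = {"tbaRequired": "YES", "ipBasedAccess": "YES", "ipAccess": "203.0.113.10",
        "workTokenAllowed": "YES", "homeTokenAllowed": "YES", "roadTokenAllowed": "NO",
        "homeTokenPeriod": "2months", "activatedTokenWorkPeriod": "3months"}

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, check_tba(cfg))
```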
IP access
It is also possible to use TBA to allow access to Carerix only from specific IP addresses.
Read the article: Token Based Access - Allow Login from specific locations (IP)
Also read the article: Token Based Access (User)
____
Keywords: UD-2082, activation