DetectID in the Cloud for SugarCRM
User Guide
Software version: 1.0.0
Document version: 1.0
November 2011
http://www.easysol.net | [email protected]
Here you will find all the documentation related to the modules in
DetectID in the Cloud for SugarCRM that will help you understand it
and use it. Please read all the documentation before starting to use it. Should you have more questions or doubts, please contact us
at [email protected] and we will get in touch with you.
This section will help you find all the information
about different procedures that may be required to use this module.
1. Introduction
2. Installation
3. Activation of the Module
4. The Login Process
5. Recovering Forgotten Password and User Wizard
6. Steps to disable and enable DetectID in the Cloud for SugarCRM module
7. Uninstalling and Deleting the Module
8. Frequently Asked Questions
DetectID Users
This module will help you administer the users from SugarCRM that have enrolled machines. You may
also activate, deactivate or delete machines previously registered.
DetectID Configuration
This module is the core operation of DetectID in the Cloud for SugarCRM, since here you will set the
users with permission to enroll machines, configure
the email server for OTP validation and several more options.
Introduction
What is DetectID?
The DetectID in the Cloud for SugarCRM module is a product
that adds security to the way users log in to a SugarCRM instance
by using DetectID in the Cloud technology. DetectID in the Cloud is an authentication solution that implements an
integration scheme that uses second factor authentication mechanisms.
The second factor mechanism consists of the presentation of another type of additional evidence that helps demonstrate that
a person is actually who he or she claims to be. That is to say, the second authentication factor allows adding another validation
process to the ones initially required to improve information security and protection. An example of this could be the entrance
to some office buildings, where the employee first has to show the authorization ID and put the index finger on a biometric
system for his or her identification and entrance. Another case would be the ATMs, where in order to withdraw money the
person must use a debit card and enter a PIN (Personal Identification Number), so the transaction is successful.
Second authentication factors are mainly based on the following three elements:
1. Something you have: credit cards, physical tokens, or IDs.
2. Something you know: password or PIN.
3. Something you are: the person's identity is evaluated through a fingerprint, iris recognition or face recognition.
What does the DetectID in the Cloud for SugarCRM Module do?
The second authentication factor used by DetectID in the Cloud
for SugarCRM is based on device recognition (something that you have). This mechanism allows enrolling the machine the
user is using to log in to SugarCRM, permitting access from previously
enrolled machines.
The usual authentication phase in SugarCRM is based on User ID credentials verification. When the DetectID in the Cloud for
SugarCRM module is installed, a security layer is added between the user login process
and entrance. The following graphic helps to better understand the objective of the module:
Usual entrance to SugarCRM process:
Entrance to SugarCRM process after installing DetectID in the Cloud for SugarCRM module:
These are the general steps to allow user entrance once the module has been installed:
1. On the first Login screen, the existence of the username in
SugarCRM is verified.
2. Once user existence in SugarCRM has been successfully verified, the second login screen is shown. In this section, the DetectID in the Cloud client component (Java Applet) is
launched with the purpose of obtaining the machine ID. This applet has been digitally signed, so a message asking
for permission to execute it will be shown. This message
must be accepted to execute the applet, so the user is able to enter SugarCRM. If the applet execution is not
successful, the user will not be able to access. (For more information on login, see The Login Process.) Once the user has written
the password and clicked on the Login button on the form, it is verified whether the password is correct. That is to
say, it is verified if it is related to the username entered in the previous step. It is important to highlight that the
module is not in charge of creating the session, since this is what SugarCRM does. The module only verifies
credentials to check if the user exists.
3. When password verification is successful, the machine used by the user to access SugarCRM is validated. If the user does not have an enrolled machine, the module will
provide the possibility of enrolling it. During the machine enrollment process, the user will be asked to enter a
description and, if the option “Enroll the machine through OTP” has been activated by the administrator, the key sent
to the user email must be entered. Once the description
(and the OTP, if that option was activated) is complete and the user clicks on the Enroll button, data will be sent to the
server. If the process is not successful, the user will not be allowed to proceed to the authentication stage (session creation), but
he or she will be automatically redirected to the first Login screen. On the contrary, if the machine validation process
is successful, step four will be started. If the user is accessing with an already enrolled machine, it is validated.
If this process is not successful, the user will be redirected to the first login screen; if it is successful, the next step
continues.
4. The credentials that were previously evaluated by the
module are now sent to SugarCRM authentication layer to generate the session and all the information relevant to
allow application access.
Key Concepts
DetectID in the Cloud: the server that the DetectID in the Cloud for SugarCRM module communicates with for validation and
machine enrollment processes.
OTP: One Time Password. It is a type of second factor authentication which uses a temporary password that cannot be used for a second time for authentication. If this option was
activated in the DetectID Configuration when the machine was enrolled, the OTP will be sent to the user email in order to
continue with the enrollment process.
DetectID in the Cloud Client Component: Java applet that allows identifying the machine the user is using to try to enter SugarCRM to validate machine enrollment processes.
Synchronization Options
Enrollment or user validation operations are performed through the web services exposed by the DetectID server (it is important to remember
that DetectID is the technology used by the DetectID in the Cloud for SugarCRM module. Therefore, when talking about DetectID we are
referring to the server). When a user enrolls a machine, this information is sent to the DetectID database and the SugarCRM
database.
Since there are two databases holding the same information, either of them could end up holding information the other does not.
For this reason, the option “Synchronize DetectID Users” was created
to bring from the DetectID server all data from users who have enrolled machines. This option also rewrites it in the SugarCRM
database, so the information is always updated.
This operation is not mandatory and it only has to be performed when local data from users with enrolled machines and their properties in
SugarCRM need to be reset, in order to obtain the information in the DetectID server. Response time in this operation is strictly related to
the amount of users with enrolled machines.
In the detailed view in the section DetectID Users you will also find the
option “Synchronize User”, which allows bringing enrolled machines
information from the current user from DetectID server to write it in the SugarCRM database.
In the synchronization process, the option of eliminating users that are no longer in SugarCRM but were listed in the DetectID in the Cloud for
SugarCRM module is also executed (from the DetectID in the Cloud server side).
Installation
IMPORTANT:
If the DetectID in the Cloud for SugarCRM module is already installed, do not attempt a new installation by overwriting the old version. First uninstall the
DetectID in the Cloud for SugarCRM module and then install the new version. For the steps on how to uninstall the DetectID in the Cloud for SugarCRM
module, see Uninstalling and Deleting the Module.
Requirements
The following requirements are necessary for the successful installation of the DetectID in the Cloud for SugarCRM module in the SugarCRM instance:
1. Have installed SugarCRM 6 or a later version.
2. The relational database management system used in SugarCRM should be MySQL. The version of MySQL is the one supported by the version of SugarCRM installed.
Starting
1. Login to SugarCRM:
2. Once you are in, click on the Admin link located in the upper right corner of the screen, as shown in the next image:
3. After the page is loaded, go to the Developer Tools section, near
the end of the page. Inside this section click on the Module Loader link:
4. In the Module Loader you'll find a button called Browse that is used to load the module that is going to be integrated with
SugarCRM:
5. Once you have clicked on the Browse button, a file dialog will be
opened. Browse to the location of the module, click on it and press the Open button:
6. After the file has been selected, click on the Upload button:
7. The module will be now in the list below the Upload button with details such as version, date published, type, description, etc. In
order to install it, click on the Install button:
8. The first step of the installation is to read and accept the License Agreement of the module. After reading it, click on Accept and
after that click on the Commit button:
9. The installation process will start and a progress bar is displayed. Optionally, you can click on the Display Log link to see more
details about the installation process. Now click on the Back to Module Loader button:
10. Now the module is located in the list of installed extensions of the SugarCRM system:
Activation of the Module
After you have installed the module DetectID in the Cloud for SugarCRM, it's necessary to activate the license key in order to access the module
services.
To activate the license follow these steps:
1. Click on the Admin link located in the upper right corner of the screen, as shown in the next image:
2. After the page is loaded, go to the DetectID in the Cloud for SugarCRM section at the end of the page and click on the option
DetectID Configuration:
3. The DetectID Configuration form will appear with all the fields
disabled because the license key has not been activated. Click on
the Enter License Key button:
4. A new text field will appear. Enter the license you were given and click on the Activate button:
5. If the license is correct, a message will show that it is valid (like the
image below). You should now activate the following options:
- Allow machine enrollment
- Activate machines after enrollment
This initial configuration will allow the users to enroll their machines and, since the machines will be activated (due to the second option),
they can enter SugarCRM.
Finally, click on the Save button to keep this configuration:
Updating the Current License:
If the license has expired or you want to change from a Demo license to an Enterprise license, click on Update License Key and a text field
will appear again. Enter the new license and click on the Activate button.
(A popup message will show a warning asking if you want to change the current license; click OK to continue.)
The Login Process
Once you have installed the DetectID in the Cloud for
SugarCRM module, the users from SugarCRM can start
enrolling their machines.
One important change you will find is that the login process has
been divided into two sections, one for the username and another for the password.
The username screen will be the following:
Here you have to enter a valid username and click on the
Continue button.
Then, the password screen will be loaded:
Wait until the applet has loaded. The applet window will look
like the next image: (If you have already trusted the certificate of the applet, the dialog on the next image won't appear, since
the applet will run automatically, and you can continue to enter a valid password)
Click on the Run button (if the checkbox 'Always trust content from this publisher' is checked and you click on the Run button,
the next time you log in the dialog box of the applet won't appear, since the applet will run automatically). Then, click on
the password screen to enter a valid password and click on the Log In button.
If the username and password are valid and you are using an already enrolled machine, you will be redirected to SugarCRM
where you can start working. If this is the first time you log in and you have not enrolled the machine you're using, after the
password page you will be redirected to the following screen:
Here you will be asked if you want to enroll the current
machine you are using. If you click No, you will be taken to the username page.
The screens displayed next depend on whether the options Use OTP
(One Time Password) for enrollment of machines and
Activate machines after enrollment in the DetectID Configuration are on or off.
1. If Use OTP (One Time Password) for enrollment of
machines is ON:
After you have clicked Yes on the screen with the
question "Do you want to enroll this machine?" the following page will be shown:
The image above is an example where "Jim" is the user, but once the user gets to this stage his/her data will
show here. Once you have clicked on the OK button:
The description field is the text you assign to the machine you are using to differentiate it from other machines. If you enter a duplicated description, an error message will
be shown, allowing you to enter a new description.
In the One Time Password field you should enter the
OTP you received in the email. Remember that the number of tries you have depends on the option
Maximum number of retries in the configuration of DetectID. If you exceed this number, you will be taken to
the username page with an error message. If this happens you can restart the enrollment process and a
new OTP will be sent to your user's email.
If you click on the Cancel button, you will be taken to the username page.
1.1. If the option Activate machines after enrollment is ON and you click on the Enroll button, the
machine will be enrolled.
After this process the next screen will be shown:
The machine has been successfully enrolled. Click on the OK button to continue to SugarCRM.
1.2. If the option Activate machines after enrollment is OFF and you click on the Enroll button, the
machine will be enrolled, but will be deactivated.
After this process, the next screen will be shown:
When you click on the OK button, you will be sent to the
username page.
2. If Use OTP (One Time Password) for enrollment of machines is OFF
After you have clicked Yes on the screen with the
question "Do you want to enroll this machine?" the next page will be shown:
The description field is the text the user assigns to the machine he/she is using to differentiate it from other
machines. If you enter a duplicated description, an error
message will be shown allowing you to enter a new description.
If you click on the Cancel button, you will be taken to the username page.
2.1. If the option Activate machines after enrollment
is ON and you click on the Enroll button, the machine will be enrolled. After this process, the next screen will be
shown:
The machine has been successfully enrolled. Click on the
OK button to continue to SugarCRM.
2.2. If the option Activate machines after
enrollment is OFF and you click on the Enroll button, the
machine will be enrolled, but it will be deactivated.
After this process, the next screen will be shown:
When you click on the OK button, you will be sent to the username page.
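The login decisions described in the Introduction's general steps and in the enrollment cases above, condensed into one function as an added example; it is not the module's code. The class and field names, the default values, and the reading of "Maximum number of retries" as the number of allowed OTP tries are assumptions.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Outcome(Enum):
    SESSION = "credentials passed on to SugarCRM, which creates the session"
    DENIED = "no session; user is sent back to the first login screen"
    NEW_DESCRIPTION = "duplicate machine description; user must enter another"
    PENDING_ACTIVATION = "machine enrolled but deactivated; back to username page"


@dataclass
class Config:
    """Options from the DetectID Configuration form (default values assumed)."""
    enable_detectid: bool = True
    allow_enrollment: bool = True
    activate_after_enrollment: bool = True
    use_otp: bool = False
    max_otp_tries: int = 3  # "Maximum number of retries", read as allowed tries


@dataclass
class User:
    user_id: int
    machines: dict = field(default_factory=dict)  # machine_id -> [description, active]


@dataclass
class Enrollment:
    description: str
    otp_entries: list = field(default_factory=list)  # values typed by the user


def login(cfg: Config, user: Optional[User], password_ok: bool,
          machine_id: Optional[str], enrollment: Optional[Enrollment] = None,
          sent_otp: str = "", server_up: bool = True) -> Outcome:
    if user is None:                          # step 1: the username must exist
        return Outcome.DENIED
    # FAQ 4: the user with id = 1 never goes through the second factor.
    second_factor = cfg.enable_detectid and user.user_id != 1
    if second_factor and not server_up:       # FAQ 10: only id = 1 can still log in
        return Outcome.DENIED
    if second_factor and machine_id is None:  # step 2: the applet did not run
        return Outcome.DENIED
    if not password_ok:                       # step 2: password check
        return Outcome.DENIED
    if not second_factor:
        return Outcome.SESSION
    known = user.machines.get(machine_id)
    if known is not None:                     # step 3: machine already enrolled
        return Outcome.SESSION if known[1] else Outcome.DENIED
    if enrollment is None or not cfg.allow_enrollment:
        return Outcome.DENIED                 # user answered No, or enrollment is off
    if any(desc == enrollment.description for desc, _ in user.machines.values()):
        return Outcome.NEW_DESCRIPTION
    if cfg.use_otp:
        tries = enrollment.otp_entries[:cfg.max_otp_tries]
        if not (sent_otp and any(hmac.compare_digest(t, sent_otp) for t in tries)):
            return Outcome.DENIED             # tries used up; a new OTP is needed
    active = cfg.activate_after_enrollment
    user.machines[machine_id] = [enrollment.description, active]
    return Outcome.SESSION if active else Outcome.PENDING_ACTIVATION


if __name__ == "__main__":
    # The four enrollment cases (1.1, 1.2, 2.1, 2.2) with constructed values.
    for otp in (True, False):
        for activate in (True, False):
            cfg = Config(use_otp=otp, activate_after_enrollment=activate)
            req = Enrollment("office laptop", ["123456"])
            result = login(cfg, User(2), True, "machine-a", req, sent_otp="123456")
            print(f"OTP={otp} activate={activate}: {result.name}")
```
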
Recovering Forgotten Password and User Wizard
There are two main ways of recovering a forgotten password:
1. In the Login:
Once you have passed the username page and you are in
the password page, you'll notice that there is a link below the Log In button called Forgot Password? If you click on
it, you will be shown the next image:
In the field User Name type your username. In the field
Email Address type the primary email of your user. Click on the Submit button and the information to recover your
password will be sent to the email specified in the previous
field.
If you check your email you will get a URL that will let you
reset the password. Once you've entered this URL, the following image will be shown:
Type your username and fill the rest of the form with the new password you want for your user. Click on the Log In
button and you will be redirected to the Username page.
2. DetailView of the Users Module
If you are an administrator and you are in the Users module
you will see the list of all the users of SugarCRM. If you click on any of them, you will end up in the DetailView of the
user you have selected. At the top left corner of this view, you will see the button Reset Password. If you click on it,
a message will be displayed telling you: "An email was sent to the user containing a system-generated password". The
selected user will receive by email a temporary password that can be used to enter and change the
password for a new one.
User Wizard
Every time a new user enters for the very first time in SugarCRM,
once he/she has passed the login area, a wizard will be displayed asking for some information about the user.
This wizard behaves in a slightly different way from the default
wizard once you have installed DetectID in the Cloud for SugarCRM. The only difference is that once the wizard has finished, the user
won't go directly into SugarCRM, but instead will be redirected to the Login page again.
Steps to disable and enable DetectID in the Cloud for SugarCRM module
1. Click on the word Admin in the upper right corner of the screen:
2. Once the page is loaded, go to the Developer Tools section. In this
section, click on the option Module Loader:
3. The DetectID in the Cloud for SugarCRM module will be in the extensions list. Click on the Disable button:
4. Choose the option Accept and then click on the Commit button:
5. A progress bar will be displayed while the module is disabled. When it reaches 100%, click on the Back to Module Loader button:
6. In the extensions list you will find the disabled module.
The steps to enable the module are exactly the same, except for step 3, where the button to click on is the Enable button. In step 6, the module
will be enabled.
Uninstalling and Deleting the Module
IMPORTANT:
Before you proceed with the uninstallation of the module, read the FAQ entry
that explains an important issue in this process.
In order to uninstall the module from SugarCRM, please follow these
steps:
1. Click on the Admin link located in the upper right corner of the
screen, as shown in the next image:
2. After the page is loaded, go to the Developer Tools section, near the bottom of the page. Inside this section, click on the Module
Loader link:
3. The DetectID in the Cloud for SugarCRM module will be in the list of installed extensions. Click on the Uninstall button:
4. Next click on the Commit button:
5. At the end of the process, the progress bar should be at 100%. Now click on the button Back to Module Loader:
6. Even though the process of uninstalling the module is finished, it remains listed below the Upload button, since it's possible to
reinstall it at any point by just pressing the Install button and following the instructions.
If you want to completely remove the module from SugarCRM, click
on Delete Package:
7. A message will appear asking for confirmation, click on the OK button to proceed:
8. After this, you will notice that the module is not listed anymore:
Frequently Asked Questions
1. When I disable the module in the Module Loader, why do the
login screens remain divided?
The login screens are divided so that the risk of success of brute-force
attacks, dictionary attacks or any combination of both is reduced.
When you disable the module, it only affects the elements inside SugarCRM (once you're logged in). Therefore, the login screens won't change. If the module is disabled through the Module Loader, the
login process used will be the default one from SugarCRM; but if the module is enabled through the Module Loader, the second factor for
authentication from DetectID in the Cloud for SugarCRM will be used
in the login process.
If at some point you uninstall the module, the login screen will
return to its normal state (it will be just one screen).
2. If I remove or delete the module, will all the information about the users and their enrolled machines be lost?
No. All data regarding DetectID Users and their enrolled machines
will be kept in the DetectID in the Cloud for SugarCRM server. The
local database used by the module has two main purposes: to work as a cache system for the Model View Controller of SugarCRM and to keep
the information of the DetectID Configuration module saved, so every time you or another user logs in, the configuration can be
remembered.
When you delete the module and the local tables are deleted, the
only information lost will be the settings in the DetectID Configuration module.
3. I migrated my SugarCRM instance to another server. How can I export and import all the information from the previous
DetectID in the Cloud for SugarCRM module to the new one?
Actually, there isn’t any action or option to import data from the module (although you can export the list of users from the DetectID
Users module, but this option was thought only for report
purposes), because all the information is saved in the DetectID in the Cloud for SugarCRM server and all you have to do to bring all
the information to the new instance of SugarCRM is to enter the License Key (after installing the module) from the previous instance
and all data will be retrieved.
If you have a new user in this instance of SugarCRM (compared to
the previous one), when this user logs in (assuming that the enroll options from the module are on) the enrollment process will start.
The only information you'll have to re-enter is all the settings in the DetectID Configuration module.
4. Why is the applet not executed when I use the main administrator of SugarCRM to log in?
The main administrator, that is, the user with id = 1, is the only user that can enter SugarCRM without the use of the second factor for
authentication (even when the module is on). It was designed this way in case something goes wrong with the service or the
enrollment process, so this administrator can enter SugarCRM, fix the problem and restore the normal function of the module.
This account is therefore protected by its password alone.
5. What does the message 'An unexpected error has occurred. Please contact the administrator for further information'
mean?
This message means that a problem with the server or the module has been found. To better understand the error, you can check the
log of your SugarCRM instance; all the entries that have DETID in
the log are produced by the module. The structure of the module's log is:
[Date][Log level] DETID - [Name of the File or Location of the File] - [Name of the Function where the problem was detected][Description of the error]
An example would be:
18/2/2011 9:11:11 AM [2744][1][FATAL] DETID - detid_config - checkKey. The current License Key is NOT valid
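An added example, not part of the module or of SugarCRM: a parser that pulls DETID entries out of a SugarCRM log and counts them by level, file and function. The pattern follows the example entry above; the bracketed fields before the level are kept as opaque values, and the sample lines other than the page's own entry are constructed.

```python
import re
from collections import Counter

# Layout taken from the example entry on this page:
#   <date> [..][..][LEVEL] DETID - <file> - <function>. <description>
ENTRY = re.compile(
    r"^(?P<date>.+?)\s+(?P<extra>(?:\[[^\]]*\])*)\[(?P<level>[A-Z]+)\]\s+"
    r"DETID\s+-\s+(?P<file>.+?)\s+-\s+"
    r"(?P<function>[^\s.]+)\.?\s*(?P<description>.*)$"
)


def parse_detid(line):
    """Return a dict for a module entry, None for other SugarCRM log lines."""
    if "DETID" not in line:
        return None
    match = ENTRY.match(line.strip())
    if match is None:
        # Tagged DETID but not in the expected layout: keep it for manual review.
        return {"level": "UNPARSED", "raw": line.strip()}
    entry = match.groupdict()
    # Split "[2744][1]" into ["2744", "1"] without interpreting the values.
    entry["extra"] = re.findall(r"\[([^\]]*)\]", entry["extra"])
    return entry


def triage(lines):
    """Count module entries per (level, file, function) and collect FATAL ones."""
    counts, fatal = Counter(), []
    for line in lines:
        entry = parse_detid(line)
        if entry is None:
            continue
        counts[(entry["level"], entry.get("file"), entry.get("function"))] += 1
        if entry["level"] == "FATAL":
            fatal.append(entry)
    return counts, fatal


SAMPLE = [
    # Example entry from this page:
    "18/2/2011 9:11:11 AM [2744][1][FATAL] DETID - detid_config - checkKey. "
    "The current License Key is NOT valid",
    # Constructed lines; file, function and message names are placeholders:
    "18/2/2011 9:11:12 AM [2744][1][FATAL] Some unrelated SugarCRM error",
    "18/2/2011 9:12:40 AM [2750][5][ERROR] DETID - example_file - "
    "exampleFunction. Example description",
    "18/2/2011 9:12:41 AM [2750][5][FATAL] DETID - detid_config - checkKey. "
    "The current License Key is NOT valid",
]

if __name__ == "__main__":
    counts, fatal = triage(SAMPLE)
    for (level, file_name, function), n in counts.most_common():
        print(n, level, file_name, function)
    for entry in fatal:
        print("FATAL:", entry["date"], entry["description"])
```
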
6. When I uninstall DetectID in the Cloud for SugarCRM module,
the progress bar stops at 25% and the last log line says Rebuilding administration Section, showing the following
error: Fatal error: Call to a member function read() on a non-object in
E:/.../sugarDirectory/ModuleInstall/ModuleInstaller.php on line 1629 ModuleInstaller->dir_file_count(???)
This error is related to some versions of SugarCRM, in which at the moment of uninstalling the DetectID in the Cloud for SugarCRM
module the process starts by eliminating the files located in the custom folder of the SugarCRM file structure. Then, in a later
process, it once again tries to eliminate them, but since they were already erased, the previous error is generated.
Follow the next steps to verify if your SugarCRM version has this bug:
(This operation must be performed by the administrator or the person with access to the SugarCRM files hosted in the server.)
1. Open the file "SugarFolderInstallation/ModuleInstall/ModuleInstaller.php"
2. Go to the section where the private function dir_file_count is located
3. Verify that the line if(!is_dir($path)) return 0; is in the function.
The final function will look like this:
private function dir_file_count($path){
    //if its a file then it has at least 1 file in the directory
    if(is_file($path)) return 1;
    if(!is_dir($path)) return 0; // This is the line!
    $d = dir($path);
    $count = 0;
    while ($e = $d->read()){
        //ignore invisible files . .. ._MACOSX
        if(substr($e, 0, 1) == '.')continue;
        if(is_file($path . '/' . $e))$count++;
        if(is_dir($path . '/' . $e))$count += $this->dir_file_count($path . '/' . $e);
    }
    $d->close();
    return $count;
}
This problem has already been solved in the latest versions of SugarCRM, and you can verify for yourself the location of the marked line
in the previously mentioned function.
7. Sometimes, there are two DetectID in the Cloud for SugarCRM users with the same name in the LastView bar.
When selecting one of them, the following message is shown: “Error retrieving record. This record may be deleted
or you may not be authorized to view it.”
To solve this problem, execute the option “Synchronize DetectID
Users” in the actions menu in the DetectID Users module:
8. When I am looking at some of the dates related to Last Connection, Start Date or Date Added, they are different to
the actual time and date in my computer.
The dates and times shown in the DetectID in the Cloud for SugarCRM module depend on the TimeZone in the user preferences
that was selected when executing the initial Wizard in the login process.
9. What does the message DetectID Server Connection, shown with an
icon in front of it on the password screen, mean?
This icon is only shown to SugarCRM administrator users and allows
identifying the state of the connection of the DetectID in the Cloud for SugarCRM module with the DetectID in the Cloud server. If there
is a green check mark, it means the connection is working correctly; if there is a red check mark, it means there was a communication
problem and users that try to access from now on will not be able to do it. To solve this situation, please read the following entry.
10. When logging in, the following message is shown: The module DetectID in the Cloud for SugarCRM is not active. At
the moment you cannot login. Please contact the administrator for further information.
This message is displayed when there is a communication error
between DetectID in the Cloud server and DetectID in the Cloud for
SugarCRM module, restricting access to all users, except for the main administrator. This administrator can enter and deactivate
(disable) the module from the Module Loader section. This way all users will be able to access, but DetectID security is removed. Once
the communication with the DetectID in the Cloud server has been reestablished, any SugarCRM administrator will be able to access
and activate again the DetectID in the Cloud for SugarCRM module, reestablishing security when users log in.
How do I know when communication with DetectID servers has been reestablished?
When SugarCRM administrators start the logging process, a
message will be shown at the bottom of the second screen (where password is entered): DetectID Server Connection and in front of it
an icon with the state of the connection between DetectID server and DetectID in the Cloud for SugarCRM module will appear. Once
there is a green check mark in front of the message, the module can
be enabled and the security of the logging process will be reestablished.
11. Why don't I receive OTP emails when I'm enrolling a
machine?
First, go to DetectID Configuration and make sure the option Use
OTP (One Time Password) for enrollment of machines is on and the fields of the section One Time Password Mail
Configuration (OTP) are properly filled.
Second, make sure you have added an exception in your spam filters for the following mail server configuration:
Server Name: mail.easysol.net
Server IP: 66.45.255.219
Account: [email protected]
DetectID Configuration
Enable DetectID: use this option to turn on or off DetectID. This is the
fastest option to disable DetectID in SugarCRM without the need of uninstalling the module. Once this option is off, the instance of
SugarCRM will not be using DetectID in the Cloud for SugarCRM as a second factor for authentication. Even if this option is off, the login page
will remain divided, but the login process will be the same as the default of SugarCRM.
Allow machine enrollment: in the login process, a new user from
SugarCRM will be asked if he/she wants to enroll the current machine he/she is using. If this option is off, the users of SugarCRM won't be
able to enroll new machines. If there is an attempt to enroll a machine when this option is off, the user will be redirected to the login page
showing an error message. Only the users that have already enrolled
machines will be able to enter SugarCRM through these enrolled machines.
Main Administrator: all the administrators from SugarCRM will be
listed in this checkbox. The administrator that is selected is the one that will receive all the emails and notifications related to DetectID in the
Cloud for SugarCRM. An example of this situation is when a user has enrolled a machine, but this one has not been activated.
Email of the administrator: all the emails of the administrator that
has been selected in the previous step will be listed in this checkbox. All the notifications and emails will be sent to these accounts.
Activate machines after enrollment: when this option is off, a machine is left deactivated at the
moment a user enrolls it, and the
user won't be able to log in to SugarCRM using this enrolled machine. When this happens, an email is sent to the main administrator
reporting the incident, so he/she (the administrator) can decide whether or not to activate the user's machine.
Use OTP (One Time Password) for enrollment of machines: One
time password is a temporary password that once used, expires. This option allows a more secure process at the moment of enrolling a
machine. The SugarCRM user will receive an email containing the information of the OTP in order to use it in the enrollment process. For
this reason, it's important that the users from SugarCRM have a valid
email. Once this option is on, the whole ‘One Time Password Mail
Configuration (OTP)’ will be enabled.
The emails will be sent using the EasySolutions mail server. Please add an exception in your spam filters with the following settings in order to receive
emails successfully:
Server Name: mail.easysol.net
Server IP: 66.45.255.219
Account: [email protected]
Maximum number of machines allowed for user: this option sets the initial number of machines the users from SugarCRM will be able to
enroll. This number can be changed for any user from SugarCRM
through mass update or individual modification in the DetectID Users module. Note: This option doesn't update the previous number of
machines for users that have already enrolled machines. For example: the initial Maximum number of machines allowed for user is 8
and 20 new users from SugarCRM enroll their machines. At this point, those users can enroll 8 machines and no more. Now,
if 30 new users from SugarCRM enroll their machines when the Maximum number of machines allowed for user is 5, each of
these 30 new users will be able to enroll only 5 machines, but the previous 20 users will keep their limit of 8 machines and not 5.
DetectID Users Restriction List: here you will find two lists: one
containing all the users from SugarCRM; the other with the users that won't use DetectID in the Cloud for SugarCRM as a second factor of
authentication, who will instead use the normal authentication process
of SugarCRM. You can select one or more users from the left list (users from SugarCRM) and click the forward button (the one with two greater-
than signs) that is in the middle of the two lists, and the users from SugarCRM will be passed to the Restricted Users list. You can remove
one or more users from the Restricted Users list by selecting the user(s)
and clicking on the Remove button. If you want to remove all the users from the Restricted Users list, just click on the Remove All button
without the need of selecting any users.
Generated OTP Length: this field allows you to specify the length of the OTP that is generated at the moment of the enrollment process.
This number can't be greater than 25 or less than 0.
Maximum number of retries: upon entering the OTP at the end of the enrollment process (here, we are assuming that the checkbox Use OTP
(One Time Password) for enrollment of machines is on, because otherwise at the end of the enrollment process you won't have to enter
an OTP, just the description of the machine you're enrolling), you have a certain number of tries before the OTP becomes invalid. This field
(Maximum number of retries) determines the number of tries you will
have at the end of the enrollment process with OTP. This number can't be greater than 10 or less than 0.
Type of characters to generate the OTP: this option is used to
determine if the OTP will have lowercase or uppercase letters. If the Numeric option is selected in the Combination of characters to generate
the OTP field, this checkbox will be disabled.
Combination of characters to generate the OTP: determines if the
generated OTP will use numbers or letters or any combination of both.
Message subject: the subject in the OTP email that the users will receive.
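The OTP settings above (length, character combination, letter case and maximum retries) together decide how guessable an enrollment OTP is. The following Python example is added here and is not EasySolutions code; the function, class and option names are hypothetical, and rejecting a length or retry count of 0 is a choice of this example.

```python
import hmac
import secrets
import string

# Hypothetical option names modelled on the DetectID Configuration fields.
def otp_alphabet(combination, letter_case="lowercase"):
    """Return the character set for a Combination / Type of characters choice."""
    letters = {"lowercase": string.ascii_lowercase,
               "uppercase": string.ascii_uppercase}[letter_case]
    return {"numeric": string.digits,           # letter case is ignored
            "letters": letters,
            "alphanumeric": letters + string.digits}[combination]

def generate_otp(length, combination, letter_case="lowercase"):
    """Draw every character from the OS CSPRNG via the secrets module."""
    if not 1 <= length <= 25:   # page caps length at 25; rejecting 0 is this example's choice
        raise ValueError("OTP length must be between 1 and 25")
    alphabet = otp_alphabet(combination, letter_case)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def guess_probability(length, alphabet_size, max_retries):
    """Chance that blind guessing hits the OTP within the retry budget."""
    return min(1.0, max_retries / alphabet_size ** length)

class EnrollmentOtp:
    """One issued OTP: expires after a successful use or when retries run out."""
    def __init__(self, code, max_retries):
        if not 1 <= max_retries <= 10:   # page caps retries at 10
            raise ValueError("max_retries must be between 1 and 10")
        self.code = code
        self.tries_left = max_retries
        self.used = False

    def verify(self, candidate):
        if self.used or self.tries_left == 0:
            return False                         # expired: a new OTP must be issued
        self.tries_left -= 1                     # count the attempt before comparing
        ok = hmac.compare_digest(candidate.encode(), self.code.encode())
        if ok:
            self.used = True                     # one-time: a second use must fail
        return ok

if __name__ == "__main__":
    otp = EnrollmentOtp(generate_otp(12, "alphanumeric"), max_retries=3)
    print(otp.code, guess_probability(12, 36, 3))
    print(guess_probability(4, 10, 10))          # 4 digits with 10 retries
```

A short numeric OTP combined with a high retry limit is the weakest pairing of these settings; a longer alphanumeric OTP keeps the guess probability negligible even at the maximum retry count.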
Template Editor
In this template editor you can change the text of the OTP creation notification that will be sent to the user's
email.
The editor allows the use of predefined tokens for automatic insertion of text. For example, if you want the application to enter the user’s name
automatically in the email message, use the $CLIENT_NAME token; the application replaces this token automatically at the moment of
sending the email.
Tokens supported by the editor:
$CLIENT_NAME: Name of the user who will receive the email
$CLIENT_MAIL: Email address of the user
$DATE_TIME: Date and time at which the OTP will be sent
$OTP: OTP generated code
A template example will be:
The system has generated an one time password (otp) that will help
you enroll this machine. Below you will find all the necessary information:
Username: $CLIENT_NAME
Email: $CLIENT_MAIL
Time of the request: $DATE_TIME
Password: $OTP
But the user will see it like this:
The system has generated an one time password (otp) that will help
you enroll this machine. Below you will find all the necessary information:
Username: jim
Email: [email protected]
Time of the request: Thu Apr 14 10:01:19 2011
Password: ws7nbkw3dvfl