Authentication and Security
The Customer Portal supports three types of authentication:
basic, with user (email) and password
Single-Sign-On with OpenID Connect
with a token from an email link
The sign-in page handles the first two authentication types.
Basic authentication.
Account creation.
Customers can create accounts using an email address. On the Sign in page there is a link to the Sign up form.
Please note that users are always created with the role that is marked as default.
See the VSS->Service->Service Resource Scheduling->Customer Portal->General Settings->Maintain user roles IMG node.
After a successful registration, a confirmation email is sent to the provided email address. The email contains an activation link. Once the link is used, the account is activated and ready to use.
Password reset.
Users can request a password reset on the sign-in page using the “Forgot?” link. An email with a reset link will be sent to the provided address.
After using the reset link, the user can set a new password.
Password requirements.
The password requirements can be set up using the VSS->Service->Service Resource Scheduling->Customer Portal->Authentication->Set Password Requirements IMG node.
If not specified, the default requirement is: 8 characters or more, 1 uppercase letter, 1 lowercase letter, 1 digit, 1 special character.
Automatic linking of user's profile with a Business Partner number.
At every sign-in to the application, the user's profile is verified. If no assignment to a business partner is defined, the system searches for a BP with a matching email address. If it finds exactly one and that BP is not yet linked to another user, the user profile is linked to it.
For existing customers, it is enough to update their business partner's email address to provision their portal user. After the customer registers with that email address, all their orders and vehicles will be visible in the application.
Single-Sign-On with OpenID Connect.
The Customer Portal offers single-sign-on with OpenID Connect using Authorization Code Flow. It’s possible to use multiple identity providers at the same time.
OpenID Connect provides a way to authenticate users and obtain their consent for accessing their identity information. It extends OAuth 2.0 to include an identity layer.
OpenID Connect is widely adopted and plays a crucial role in modern authentication and authorization scenarios, especially in the context of single sign-on across multiple applications and services.
The list of OpenID authentication options is composed based on the content of the control table.
The table is set up in the VSS->Service->Service Resource Scheduling->Customer Portal->Authentication->Maintain OpenID Identity Providers Configuration IMG node.
Please note that identity providers need to be set up separately on every system.
Access with resource token.
Customers without an account can perform all actions on their service orders and appointments by using links from received order processing notifications (email, SMS, ...). The notifications are sent from the VSSCommunication Framework in response to various events. The links in the notifications contain resource tokens that allow interaction with a single order or appointment.
Protecting the application with reCaptcha V3.
The application and the underlying REST services can be enabled to use reCaptcha V3 as a way to protect against spam and abuse.
For reCaptcha to work, the default user role must require reCaptcha verification. This setting can be made in the VSS->Service->Service Resource Scheduling->Customer Portal->General Settings->Maintain user roles IMG node.
Additionally, the secret key and the site key must be provided in the VSS->Service->Service Resource Scheduling->Customer Portal->General Settings->Maintain Customer Portal Parameters IMG node.
| Parameter name | Meaning |
|---|---|
| RECAPTCHA3_SECR_KEY | reCaptcha Secret Key |
| RECAPTCHA3_SITE_KEY | reCaptcha Site Key - Google |
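The following is an added example, not code from the Customer Portal itself, showing what the secret key is used for on the server side: the client token is posted to Google's documented siteverify endpoint, and the response must be checked for success, action, hostname and score, because reCaptcha V3 only scores a request and never blocks it by itself. The hostname, the score threshold and the sample responses are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request
from typing import Optional, Tuple

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

# Illustrative policy values (assumptions, not taken from the portal documentation).
MIN_SCORE = 0.5
EXPECTED_HOSTNAME = "portal.example.com"  # constructed placeholder hostname


def build_siteverify_request(secret_key: str, client_token: str,
                             remote_ip: Optional[str] = None) -> urllib.request.Request:
    """Build the POST to the siteverify endpoint. The secret key
    (RECAPTCHA3_SECR_KEY) stays server-side; only the site key is sent to browsers."""
    fields = {"secret": secret_key, "response": client_token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    data = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(SITEVERIFY_URL, data=data, method="POST")


def evaluate_siteverify(body: dict, expected_action: str) -> Tuple[bool, str]:
    """Decide whether a parsed siteverify response is acceptable for the given action.
    A token is single-use and bound to an action and hostname, so all four checks matter."""
    if not body.get("success"):
        return False, "token rejected: " + ",".join(body.get("error-codes", []))
    if body.get("action") != expected_action:
        return False, "action mismatch: %r" % body.get("action")
    if body.get("hostname") != EXPECTED_HOSTNAME:
        return False, "hostname mismatch: %r" % body.get("hostname")
    score = float(body.get("score", 0.0))
    if score < MIN_SCORE:
        return False, "score %.2f below threshold %.2f" % (score, MIN_SCORE)
    return True, "ok"


# Constructed sample responses in the documented siteverify JSON format.
SAMPLE_HUMAN = json.loads('{"success": true, "score": 0.9, "action": "signup", '
                          '"hostname": "portal.example.com"}')
SAMPLE_LOW_SCORE = json.loads('{"success": true, "score": 0.1, "action": "signup", '
                              '"hostname": "portal.example.com"}')
SAMPLE_REUSED = json.loads('{"success": false, "error-codes": ["timeout-or-duplicate"]}')
```

In a real deployment the request built by `build_siteverify_request` is sent with `urllib.request.urlopen` and the JSON body is passed to `evaluate_siteverify`; a reused or expired token fails with `timeout-or-duplicate`, and a low score or wrong action is rejected even though the token itself was valid.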