4. Identity Section

Identity Section has 3 subsections:- 

  • Password Policy

  • Self Password

  • MFA (Multi-Factor Authentication)


4.1 Password Policy


A password policy is a set of rules designed to enhance cloud security by encouraging users to apply a strong password and use them properly.  A password policy is often part of each organization's official regulations and is strictly implemented for security reasons. 


To apply Password Policy, Open CloudCodes For Business console → Go To Identity>> Password Policy


                                                        C:\Users\rajashree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\Image 1.png

Image 1


Click > Add Policy


Fill in the policy details.

  • Title: Name your policy to identify it later when you want to make changes quickly.

  • Description: Short description for helping understand the policy if more than one admin is managing the account

  • Enabled: For some reason, if you want the policy to be disabled for some time and re-enable it, you can check/uncheck “Enabled” option as shown above

  • Granted: Allows end users to change the password. If not checked then end user is not able to change his own password

  • Valid Always: You can decide the validity of the policy with Valid Always button. Toggling this you can say whether you want a policy for a stipulated time or a policy which is always applied

  • Valid From and Valid To: If Valid Always is off, then you will have to provide the date range for which the policy needs to be applied. This way admin need not manually turn off the policy


                                                C:\Users\rajashree\Desktop\SSO1\Identity\Image 2.png

Image 2


CloudCodes For Business provides an effective way of addressing security problem through Advanced Passwords Policy feature.


How Password policy feature of CloudCodes For Business works?

After login, click → Identity →- Password Policy. To enable rules for password policy, the admin can define the following

  • Complexity of the password

  • Set password age (Expiration)

  • Admin can restrict the user from using the username as his password or certain keywords

  • Admin can restrict the user from using last ‘n’ passwords

  • Admin can set account lock functionality on certain unsuccessful attempts. 


That's it the admin need not do anything else just make the changes add the rules and save. After this once Users login they will be forced to change their password as per the policy and according to the new corporate rules.


The administrator has full freedom in framing the password policy for the corporate users and gives full control to the admin and protects the corporate network from unauthorized access.

Now even though user are using Google Apps -CloudCodes For Business a cloud-based solution provides allows admin to have better control of your domain


4.2 Self Password Policy


With CloudCodes For Business, the admin can easily use the self-password policy to enable the employees to reset their password by themselves. In case, the password is forgotten then there is no need to take anyone’s help.


                                                C:\Users\rajashree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\Image  3.png 

Image 3


  1. On the dashboard, select the “Self Password option” from drop-down of the heading “Identity”

  2. Once you have selected the self-password option, various settings come as follows


                                                    C:\Users\rajashree\Desktop\SSO1\Identity\Image 4.png

Image 4




  • Title: Name your policy to identify it later when you want to make changes quickly.

  • Description: Short description for helping understand the policy if more than one admin is managing the account

  • Enabled: For some reason, if you want the policy to be disabled for some time and re-enable it, you can check/uncheck “Enabled” option as shown above.

  • Valid Always: You can decide the validity of the policy with Valid Always button. Toggling this you can say whether you want a policy for a stipulated time or a policy which is always applied

  • Valid From and Valid To: If Valid Always is off, then you will have to provide the date range for which the policy needs to be applied. This way admin need not manually turn off the policy

  • Next, you have to select from the two options to Retrieve Password


       A. OTP

       B. Questionnaire


On selecting OTP, it simply uses the registered phone number for resetting. Then from the list box, select the “Number of Attempts Allowed” and “Skip Attempts”


  • On selecting the “Questionnaire” option, the admin has to set various options

  • Select Number of Questions

  • Checkbox to “Enable Random Question”

  • Choose “Number of Random Question” from the list box

  • Specify “Number of Attempts” Allowed

  • Specify “Skip Attempts Allowed”

This is how you can easily complete the whole process of self-password setup.


  • In case of Questionnaire, At the bottom of the page, there is a Question Bank where the admin has to Enter Questions to add them to the question bank. Lastly comes the check All OUs to implement your policy to all users or you can implement on selected users too


  • End User has to undergo through any of the two options (OTP/Questionnaire) as per policy set. 

Questionnaire: As the policy set by admin, after login to end user will ask to set answers for questions. In this user can skip the questions for the set attempts. After completion of these attempts, he has to set answer forcefully. User can use this answers to reset the password through self-password by answering correctly it redirects to change password page from where password can be changed 

OTP: End user can reset his password through OTP using his registered mobile number 



4.3 Multi-Factor Authentications


CloudCodes For Business gives high security against any kind of suspicious attempts to account any access with its multifactor authentication method. For this, it uses biometric authentication in addition to standard OTP-based authentication.

 

                                        C:\Users\rajashree\Desktop\SSO1\Identity\Image 5.png

Image 5

  • The multi-factor authentication tab appears just below the self-password option on the dashboard in Identity section

  • On selecting it, a new page, with all the authentication settings

  • The first field is for the Title, where you have to enter a unique policy title

  • The second one is an input box is for the Description, where the admin has to add some words about the policy 

  • Then is the checkbox saying Enable to enable the policy

 

                                           C:\Users\rajashree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\Image 6.png

 

Image 6

  1. Title: Name your policy to identify it later when you want to make changes quickly.

  2. Description: Short description for helping understand the policy if more than one admin is managing the account

  3. Enabled: For some reason, if you want the policy to be disabled for some time and re-enable it, you can check/uncheck “Enabled” option as shown above.

  4. Valid Always: You can decide the validity of the policy with Valid Always button. Toggling this you can say whether you want a policy for a stipulated time or a policy which is always applied

  5. Valid From and Valid To: If Valid Always is off, then you will have to provide the date range for which the policy needs to be applied. This way admin need not manually turn off the policy

  6. Validation: After this, the admin has to select the validation method; there are two options – OTP and Biometric. Admin can select either one or both the two options 

  • In case, admin can select both the options simultaneously (OTP and Biometric) or only one at a time (i.e OTP or Biometric) 

  1. Save Device: This policy allows users to log in with the saved devices without the multi-factor authentication from next time. This was for OTP (only) and OTP plus biometric (both)

  2. Expiration Days: The number of days after which the user will be asked multi-factor authentication after saving his/her device

           Now, when admin selects the Biometric Option (only) there arise three scenarios to be chosen from:

       9. Enforce: Enforce Policy includes: 

  1. Always

  2. Corporate Network

  3. Remember User IP -


    • A. Block Access :

    • B. Notify Admin & allow access

    • C. Re-Register IP

       9.1. On selecting Always, the users will be asked for multifactor authentication on each login

       9.2. Alternatively, if admin opts for Corporate Network; all the users logging from the company’s network IPs will not be enforced for                       multi-factor authentication

       9.3. In Remember User IP option includes three more options, the users accessing the account with not registered IP address then 

  • “Block access” option will block to log in from unregistered IP

  • “Notify” option will notify the admin when the user logins from unregistered IP through email notification 

  • “Re-register IP” option the unregistered IP also gets registered and not prompted for multifactor authentication