Login Domains

Configure login domains in the Community Manager developer portal.

How does login configuration work?

As part of the initial platform setup, a Site Administrator sets up a series of domains that represent an enterprise's login requirements for the platform. Supported domain types for the platform login include:

  • Platform Login
  • Google® Connector
  • Facebook® Connector
  • LDAP
  • CA SiteMinder®
  • OAuth Provider
  • OpenID Connect Relying Party

In versions prior to 7.1.0, the platform installation also included a default platform domain that was automatically enabled when a new user account was created. In 7.1.0 and later, the default platform login domain still exists, but it is not enabled by default. The Site Admin must manually enable the platform login domain as part of configuration.

After any desired login domains are installed, the Site Admin must enable them before they will be available to users. Additional configuration steps are also available, including:

  • Target Host (virtual hostname)
  • Logo (the button that's displayed on the login page for this login domain. If not specified, defaults to the first letter of the domain name)
  • External login page display mode (popup window or main window)

For instructions on configuring login domains, see How do I enable a domain for login?

Does the platform provide a default login?

No. In versions prior to 7.1.0, the platform installation supported certain security domains that allow login with email address and password to be automatically enabled for use once the security domain was created.

As of version 7.1.0, this default has been removed. The platform does not allow the default platform login page to fall back to security domains supporting email/password-based login.

If your platform already had logins configured prior to upgrading to the version 7.1.0 release, the default option and configuration will remain in place after upgrading. However, if you install 7.1.0 and then configure, you'll need to add the login domains and then enable them, in two separate steps.

For more information, including instructions for restoring the default by running a database query, see How do I enable and customize a platform login domain? below.

How do I enable and customize a platform login domain?

There are two steps to setting up a login domain on the platform:

  • Create the domain. In some cases, this requires some setup in Policy Manager. For instructions on setting up the specific type of login domain you want, see Domains.
  • Complete the configuration by enabling and customizing the login domain. See below for instructions.

Note: In versions prior to the 7.1.0 release, certain security domains that allow login with email address and password were automatically enabled once the security domain was created in Administration / Domains. The default has now been changed so that the default platform login page does not fall back to security domains supporting email/password-based login. Instead, you must explicitly enable the login domain after adding it. If you have already configured the platform prior to upgrading to the version 7.1.0 release, your default option and configuration will be unchanged after upgrading. However, if you install any version 7.1.0 or later, and then configure, you'll need to add the login domains and then enable them, in two separate steps.

To enable a domain for login

  1. Log in as a Site Admin and go to the Admin section.
  2. Go to More > Admin > Logins.
  3. Check the Enable check box.
  4. If you would like to configure a virtual host for the domain, enter it in the "Target Host" text box. For more information, see What is a Target Host? below.
  5. In the Logo/Avatar column, click Upload and select the logo you would like to display for the Login button. For more information, see How do I upload and crop icons? You can upload your own custom button or refer to information from the provider, if available.
  6. In the Mode column, click the applicable button to indicate whether you want the login domain to be a popup or to display in the main window. For more information, see What login page integration modes are supported?
  7. Click Save.

    If needed, you can use the Reset button at any point before saving, to remove changes you just made.

Once the login domain is enabled, it is available to anyone logging in to the platform.

Note: For new installations, if you want to restore the old setting so that platform login falls back to security domains supporting email/password login, run the following query on the database:

update LOGIN_RULES set AUTO_LOGIN_EXT_DOMAIN='com.soa.feature.enabled' where BUSINESSID in (select BUSINESSID from TENANTS where FEDMEMBERID='{tenantid}');

If you have additional questions, contact Akana technical support.

What is a Target Host?

The Site Administrator can specify one or more specific URLs that are valid for logging in to the platform. This could be used to provide a different login based on role (Business Admin, API Admin, Developer, and so forth), or for a backdoor login if one of the domain configurations is down. This is done by specifying a Target Host address (virtual host address) for each login domain; for example, {role}.{company}.com.

It is best to develop a login plan for each role that covers different types of login scenarios. For example, if your site uses CA SiteMinder exclusively for logins, and the CA SiteMinder login is down for some reason, you will need a backdoor login to investigate the problem. To provide a resolution for this scenario, here are two possible approaches:

  • Configure the platform default login Target Host so that only the Site Administrator can log in using email and password credentials.
  • Configure an alternate Facebook domain (using the Facebook Connector domain) or Google login domain (using the OpenID Connect domain) and specify a Target Host for backdoor logins. Only users from that specific target host will be able to log in using that domain.

What login page integration modes are supported?

The platform allows you to select how the login page associated with a login domain is displayed to the user when logging in. The integration method is selected by the Site Administrator via the Mode option on the More > Admin > Logins page for a specific domain. Two options are available:

  • Popup—Displays the external login page as a popup window.
  • Main—Displays the external login page in the platform home page instead of as a popup.

Note: Mode options are not configurable for the default login page.

How do I disable a platform login?

To disable a platform login

  1. Log in as a Site Admin and go to the Admin section.
  2. Go to More > Admin > Logins. The Configure page displays a listing of domains that have been added to the platform.
  3. To disable the domain, clear the Enable check box.
  4. Click Save.

How do I disable the option for users to change the email address on the account?

For security reasons, you might want to disable the ability for users to change the email address associated with local accounts set up on the platform.

Currently, you cannot change this setting via the user interface, but you can do it in the database, as follows:

  • Table: BUSINESS_SECURITY_SETTINGS
  • Column name: USER_MODIFY_EMAIL

The default value for this column is: com.soa.feature.enabled. To disable the ability for users to change email address, set this value to: com.soa.feature.disabled.
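The following is an added example, not part of the product documentation: a check-change-verify sequence for the two database-level settings described on this page (the login fallback in LOGIN_RULES and the email-change setting above). It uses only the table and column names given on this page; {tenantid} is the page's own placeholder, and the result aliases are illustrative.

```sql
-- Added example. Run in a session where the change can be reviewed before
-- it is committed.

-- 1. Login fallback: record the tenant's current value before any change,
--    so the exact prior state can be restored later.
select lr.BUSINESSID, lr.AUTO_LOGIN_EXT_DOMAIN
from LOGIN_RULES lr
where lr.BUSINESSID in
      (select t.BUSINESSID from TENANTS t where t.FEDMEMBERID = '{tenantid}');

-- 2. Email-change setting: count the rows holding each value. Rows that
--    still report com.soa.feature.enabled allow users to change their email.
select USER_MODIFY_EMAIL, count(*) as SETTING_ROWS
from BUSINESS_SECURITY_SETTINGS
group by USER_MODIFY_EMAIL;

-- 3. Disable email changes on rows still at the default value.
--    This page names no tenant key column for this table, so the statement
--    touches every row at the default; add your own scoping if only some
--    rows should change.
update BUSINESS_SECURITY_SETTINGS
set USER_MODIFY_EMAIL = 'com.soa.feature.disabled'
where USER_MODIFY_EMAIL = 'com.soa.feature.enabled';

-- 4. Verify: the count should be 0 once the update has been applied.
select count(*) as STILL_ENABLED
from BUSINESS_SECURITY_SETTINGS
where USER_MODIFY_EMAIL = 'com.soa.feature.enabled';
```

Keep the output of queries 1 and 2 with the change record, since this page does not document a user-interface path for reverting either setting.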