Managing Authentication Methods

Managing Authentication Methods Configuration Process Whitelist Security questions Email code FAQ & Diagnostic Tips

Authentication means verifying the identity of someone (a user, device, or an entity) who wants to access data, resources, or applications. DEACOM offers three different authentication methods: Whitelist, security questions, or email code. Authentication methods are optional. Companies may choose to set no authentication methods, one authentication method, or a combination of all three.

A brief summary of the different options are listed below.

• Whitelisting (Approved Devices beginning in version 17.00.050)- This security feature requires a device to be registered prior to an active DEACOM user logging into the system. Once the device has been registered, the device is approved by someone with the required access. Note that DEACOM relies on cookies for the whitelisting option so the security questions or email code choices may be preferred if your company routinely clears cookies. Starting with version 15.03.005, a whitelist description is added automatically for WMS Scanners.
• Security Questions – This authentication method requires a user to successfully answer a question or series of questions each time they log into the system. The number of questions required is set in System Options within DEACOM.
• Email code – This option requires the user to enter the random code that is sent to their email address each time they attempt to log into the system.

Authentication methods are defined on the user level, with the defaults being provided by the settings defined in System Options.

Note: Beginning in version 17.00 DEACOM supports the ability to interface, via SAML based authentication, with Okta, and CyberArk. Beginning in 17.01, Azure was added to the list. For more information, visit Okta and CyberArk Single Sign On (SSO) Integrations.

Configuration

Whitelist

• The "Whitelist Authentication" field must be checked on the user's record via System > Maintenance > Users. The default for this field is provided by the "Whitelist Authentication" field in System Options. Note:" Whitelisting is referred to and handled by Approved Devices beginning in version 17.00.050.)

Security questions

• The "Security Question Authentication" field must be checked on the user's record via System > Maintenance > Users. The default for this field is provided by the "Security Question Authentication" field in System Options.
• The "Security Questions" field on the Security tab in System Options must contain the number of questions that will need to be answered by the user.
• Security questions must be created via System > Maintenance > Security Questions. An unlimited number of questions may be created. The number that must be answered is determined by the number in the "Security Questions" field as described above.

Email code

• The "Email Authentication" field must be checked on the user's record via System > Maintenance > Users. The default for this field is provided by the "Email Authentication" field on the Security tab in System Options.
• The "Email" field on the user record must contain a valid email address.
• The Email tab within System Options must have the following fields filled in correctly:
  • "Email Host"
  • "Email Port"
  • "Email Poll Mins"
  • "Trigger Email From"
  • "Trigger Username"
  • "Trigger Domain"
• The "Email Code Minutes" field on the Security tab within System Options must be filled in. This field indicates how many minutes the email code is valid.

Process

Whitelist

Note: Whitelisting is handled via Approved Devices beginning in version 17.00.050.

When a User initially logs into DEACOM, they will be prompted to enter a device description and to be whitelisted. Each request gets logged in the system, where a system administrator with security access to "Whitelists -- maintain", "System -- maintenance", and "System menu", can then modify the submitted device descriptions and mark pending requests as approved or denied. Starting with version 15.03.005, a whitelist description is added automatically for WMS Scanners. To manage requests:

1. Navigate to System > Maintenance > Whitelist, fill in the pre-filter as desired and click "View".
2. Locate the desired User record and click "Modify" to open the Edit Whitelist form.
3. Click either the "Approve" or "Deny" button then save the changes and close the form.

Security questions

Once a user's authentication method has been set to "Security Question Authentication," the login process will proceed as follows:

1. The user will enter their name and password on the DEACOM login form and either hit the enter button on the keyboard or click the "Continue" button on the form.
2. At this point the system will display the Edit Security Question Answers form similar to the one below.

3. The number of questions and answers required depend on the number indicated in the "Security Questions" field in System Options as described in the configuration section on this page.
4. At this point, the user will use the search icon in the first "Security Question" field to select from the list of security questions.
5. Next, the user will enter an answer of their choice in the "Answer" field. The system will remember this answer for future logins. Answers are not case-sensitive.
6. The user will repeat steps 4-5 depending on the number of questions required.
7. Once complete, the user will click the "Continue" button to complete the process and successfully login.
8. The next time the user logins the system will present the Security Question Authentication form as seen below

9. Once the user types in the correct answer(s), they will hit the "Continue" button to complete the login process. This same form will be displayed on each subsequent login.

Email code

1. Once a user's authentication method has been set to "Email Authentication," the login process will proceed as follows:
2. The user will enter their name and password on the DEACOM login form and either hit the enter button on the keyboard or click the "Continue" button on the form.
3. At this point the system will display the Email Code Authentication keypad form which indicates that a code has been sent to the user's email address.
4. Once the user receives the email they will enter the code on the keypad form and hit the "Continue" button to complete the process. This same form will be displayed on each subsequent login and users will need to retrieve and enter the new code from their email.

Notes:

• The subject of the email sent from the system should read "DEACOM Login Code."
• The code will be set to expire based on the number of minutes specified in the "Email Code Minutes" field on the Users tab set in System Options.

FAQ & Diagnostic Tips

Can a user modify their security answers?

Yes, users with the security setting "File - Settings" set to yes may modify their answers via File > Settings.

Are security questions randomized?

Security questions are randomized for the user if the user has more questions assigned than the number set in the "Security Questions" field on the Users tab in System Options.

What criteria is evaluated for whitelisting in classic versions of DEACOM?

Motherboard, CPU, and hard drive.

What happens if the number of security questions required is increased after I have logged into the system?

On the next login the the user will first answer their security questions as before. Then, the system will present the "Edit Security Questions Answers" form where they will select and answer the additional number of questions required.