Password Policy & SSO Setup in Builder

You are now able to configure your password policy and your Single-Sign On settings in the System Settings section of Builder. Previously, these were both in Enate Enate Manager.

Note that in order to edit these, a user must have the 'Edit System Settings' access option enabled as part of their user role. Users without this access option will be able to view the settings in read-only mode.

Password Policy Setup

You are can configure your password policy in the System Settings section of Builder.

Changes will take immediate effect after you click ‘Submit’. Users logging in after you have clicked ‘Submit’ will have to use a password that adheres to your new password policy.

You can configure the following settings for your password policy:

Setting
Note

Maximum age in days of password

Enter the maximum number of days you want users to be able to use a password for before the system prompts them to update it.

Minimum age in days of password

Enter the minimum number of days that a user cannot update their password for.

Maximum length of password

Enter the maximum number of characters you require your users' passwords to be. Note that this value must be equal to or greater than the combined 'number character count' and 'symbol character count' values which you might set elsewhere in your password policy settings. Maximum password length is 64.

Minimum length of password

Enter the minimum number of characters you require your users' passwords to be.

Password must contain an upper-case and a lower-case letter

Select if you want to make it mandatory for your users to use at least one lower-case letter and one upper case letter in their passwords.

Password must contain this many numbers

Enter the number of numbers you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined symbol count and this number count.

Password must contain this many symbols

Enter the number of symbols you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined number count and this symbol count.

Number of failed attempts before a user gets locked out

Enter the number of times a user can enter the wrong password before they are locked out of the system. They will then have to speak to the relevant parties to get their password reset. Note that if you enter a value here, you must also enter a value for the 'Length of time to lock out a user in minutes' setting.

Length of time to lock out a user in minutes

Enter the length of time in minutes you want a user to be locked out for when they have entered their password incorrectly too many times. Note that you must add a value here if a value has been added for the 'Number of failed attempts before a user gets locked out' setting.

Number of previous passwords to store

Enter the number of previous passwords you want the system to store to prevent users reusing the same passwords again. Note that if you enter a value here, you must also enter a value for the 'Number of days to store previous passwords' setting.

Number of days to store previous passwords

Enter the number of days previous passwords are to be stored. Note that you must add a a value here if a value has been added for the 'Number of previous passwords to store' setting.

IP Ranges Allowed

Enter a valid IPV4 address in CIDR notation. Multiple IP ranges can be added.

Note that only one password policy can be set. Provision for multiple password policies has been removed.

Single Sign-On Setup

You are can configure your Single Sign-On settings in the System Settings section of Builder.

The steps to configure SSO are as follows:

  1. Add a service provider certificate - the service provider is the application providing service, i.e. Enate.

  2. Add identity provider settings - the identity provider is the system authenticating usernames and passwords, i.e. your third party systems such as Azure AD.

Adding a service provider certificate

To add a service provider certificate, you can either generate a new one or upload an existing certificate.

If you are generating a brand new certificate, fill in the following settings:

Setting
Note

Subject

This is just for your reference. Mandatory.

Key Size

Value depends your security standards.

Hashing Algorithm

Value depends your security standards.

Validity Period in Years

How long would you like the certificate to be valid for. Enter the number of years. Maximum of 2 years.

Adding identity provider settings

To create an identity provider, you can either enter the necessary settings manually or import the metadata exported from your third-party system to auto-fill the necessary settings.

Setting
Note

Name

This is mainly for your reference. It also shows on the login page as a tooltip. Mandatory. E.g. Sign in with Office 365.

Description

This is just for your reference. Optional. E.g. Logs in Enate users using their Enate account.

Logo

This is the logo that will appear on the login page. File must be .pgn, .gif or .jpeg and 120 by 28 pixels. Mandatory.

Login Binding Type

Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This will be auto-filled in if you import a metadate file.

Logout Binding Type

Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This will be auto-filled in if you import a metadate file.

Allow Identity Provider Initiated Login/Allow Unsolicited AuthN Requests

This determines whether you acknowledge or ignore unsolicited AuthN requests. Unsolicited AuthN requests occur when a user starts the login procedure from the Identity Provider without first visiting Enate.

During a solicited request, the User visits the Enate login page, clicks the SSO provider logo and is redirected. Upon completion of the authentication, they are redirected back to Enate where the authentication completes. This was solicited by Enate.

During an unsolicited request, the user visits the Identity Provider, possibly an 'Application Directory', and clicks the Enate logo. They are redirected to Enate where authentication completes. Because this flow was initiated by the Identity Provider, it is considered unsolicited by Enate.

Identity Provider ID/Identity Provider Entity ID

Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadate file.

Single Logout URL

Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadate file.

Single Sign On URL

Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadate file.

User Identifier Claim

Which claim (e.g. first name, last name, etc. that has been set up in your third party identity provider) you want to use to maps to your users' email addresses. Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadate file. This is a free text field as well as a dropdown, so it can be customized, but it will likely just be email addresses.

Identity Provider Certificate

Add a copy of the certificate (Base-64 CER) provided by your third party identity provider. This setting will be auto-filled if you have imported a metadate file.

Last updated