Contents

OneAdvanced Identity login using username

Overview

OneAdvanced Identity now supports username-based login, allowing admins to create users without requiring an email address. This feature is controlled by the 'Allow user without email' setting in the Organisation Module. When enabled, user accounts can be created without email address and they can log in using their assigned username instead of an email address.

Enabling username based login

  1. Navigate to Organisation Module.
  2. Enable the setting 'Allow users without email' for the organisation under 'Authentication' tab.
  3. Create users with or without an email address and assign a username for login.

Initial login process for non-federated users

If a user is not a federated user and needs to log in with a username, an admin must set up their account as follows:

  1. Create the user with a username.
  2. Set a temporary password and enable 'Reset password at next login'.
  1. Communicate the temporary password to the user securely.
  2. The user logs in using their username and temporary password.
  3. At this stage, the user is also directed to use authenticator app-based Multi-Factor Authentication (MFA) to secure their account.
  4. Upon first login, the user will be prompted to change their password.
  5. For all subsequent logins, users will be required to login using MFA and their new password.

Resetting password for username based login

If a user forgets their password, the reset process requires assistance from an admin:

  1. The user must contact an admin for a password reset.
  2. The admin updates the password in user account and provides a new temporary password.
  3. The admin enables 'Reset password at next login'.
  4. The user logs in with the temporary password and is mandated to update it once more.

Important notes

Users without email addresses will not be able to reset their password via email-based recovery methods.
Admin users must securely communicate temporary passwords to users when required.
If enabled, this feature cannot be disabled until all users have an email address.
Users can change their password at any time through their Account settings when logged in.

How did we do?

OneAdvanced Single Sign-on login process for federated accounts

Security questions

Contact