User accounts
Every person who wants to login to the application needs a user account. A user account is used to identify a person. In the account the following is registered:
- means of identification (and communication), like email addresses and phone numbers,
- ways of authentication, like passwords,
- a login name (optional),
- the user group.
An account is always related to a record of a blueprint class containing other information about the user, like name and address.
How to start?
For using accounts, follow these steps:
- Define user groups. See Permissions /authorizations.
- Define the classes in the blueprint that contain data about users, like a class 'person'. This class should at least have a field with data type 'Email address'. On the tab "Relevances" set the property "Email field for account" to the email field that is used to communicate about the account.
- Reload the blueprint.
Account can be created in two ways:
- Accounts can be created by the application manager or other authorized users.
Learn more - Accounts can be a created by the current (anonymous) user, using a registration form to create an account for him/herself.
Learn more
User accounts can be created (and managed) by the application manager or by users of an authorized user group.
Two factor authentication
An account can be protected by two-factor authentication methods. Two-factor authentication is a security process in which users provide two different authentication factors. Two-factor authentication provides a higher level of security than authentication methods in which the user provides only one factor, typically a password.
The following second-factor methods are available:
- Email
The user receives a login code by email. - One-time password (OTP) app
The user generates a login code with an OTP app. See https://studio.crossmarx.nl/page/1094/otp. - SMS
The user receives a login code by SMS. Extra costs are involved for sending SMS messages. - Service desk
When everyting else fails, a code can be generated by another user with suffiicient authorization.
To activate two-factor authentication, the developer can set the properties 'Two factor frequency' and 'Two factor methods' at the usergroup in the blueprint.
Note on security
From a security perspective, it is strongly recommended to add two-factor authentication to user groups that have broad permissions. Consider using something other than e-mail as second-factor method if you expect users of your application to use the same password for their email and your application. Losing this password to a third party will immediately grant them access to the application.
Account info
With this calculation helper you can add a field to a user record with information about the account of this user. It's also possible to search on this information. Learn more
Mail settings
The process heavily relies on emails. For example when resetting a password, verfication, two-factor login etc... Therefore it is important to ensure email is sent properly by your application.
Learn about email settings.