Managing login and password settings

Contents

Setting up OpenID logins for orgs that are not integrated with Google

Enabling Multi-Factor Authentication (MFA)

Logout configuration

Disabling/Re-Enabling login

Biometric Login

Password requirements

Resetting all Jostle passwords

Enabling login/logout (for orgs with SSO configured)

System Admins can find the Login settings page at Admin Settings > Governance > Manage Login Credentials. 

At the top of the page are the basic Login settings, which will vary depending on what kind of setup your platform has. Here you can choose to Enable/Disable the available login methods for all Users.

One option here is to disable Jostle-managed password logins. Normally Enabled will be your best choice. And best practice is to have at least one System Admin account using Jostle Credentials, so that you have access if your SSO system goes down.

Another option sets what happens when a user logs out of Jostle and is using a SSO login. Normally Jostle Only will be your best choice.

For information on SSO Mobile login options, see this article.

Setting up OpenID logins for orgs that are not integrated with Google

OpenID authentication (the protocol used by Google), is available as a login option for all orgs. If your org isn't integrated with Google, but you would still like to enable OpenID authentication for your Jostle platform, please contact Support or your Customer Success Manager for assistance with this request.

Once you have been informed that your account has been updated, the option to enable/disable Google OpenID will be included under the Manage Login Credentials.

Once this is available,  a System Admin should do the following:

1. Across from Google OpenID Logins click Enabled
2. Scroll down and click Save at the bottom
3. Navigate to Admin Settings > Governance > Manage Login Credentials
4. You will now see both Jostle and Google login options at the top of the page
5. Double check that both these options are Enabled
6. Scroll down and click Save

Update Login Method to any accounts already using a Google/Gmail email

Once you have OpenID authentication available in your platform, there is likely this additional step required to look after your existing Users.

Since your system is now going to accept OpenID authentication, a System Admin should identify any accounts that can now use Google Credentials. So, for any users that are using a Google/Gmail email address on their account, a System Admin should do the following:

1. Go to Admin Settings > User Accounts and Data > Edit, Re-invite, and Disable Users
2. Pull up one of the Users and select EDIT next to their name
3. On the Edit User screen, scroll down to Login Authentication Method and switch it from Jostle Credentials to Google Credentials
4. Scroll down and click Save

Clicking Save will automatically trigger a login update email for the user, so they can sign with their Google credentials and have their updated settings applied without any discrepancy issues.

To convert Users in bulk, please follow this article.

Enabling Multi-Factor Authentication (MFA)

Enabling Multi-Factor Authentication (MFA) provides an additional layer of security for your organization. Requiring a User’s knowledge (their password) and a User’s possession (their mobile device) in order to verify their identity can ensure the security of your platform far beyond basic password-protection.

To log in with MFA, Users will first be required to install and set up an authenticator app (for example, the Google Authenticator) on their mobile device or tablet. Once configured, Users will be required to enter their password as well as one-time passcode from the Authenticator app in order to successfully log in. You can learn more about how MFA works here.

When creating User's login settings, there is the option to make MFA Mandatory, Optional or Disabled for your Users and/or System Admins. We strongly recommend that you do require MFA login for all System Admins, as a minimum.

System Admins can setup Multi-Factor Authentication following these steps:

1. Go to Admin Settings > Governance > Manage Login Credentials
2. Under Multi-Factor Administration (MFA) select your requirements
3. Scroll down and click Save

Notes:

• Selecting "Mandatory" will automatically check off "Required for System Admins".
• If MFA is currently Enabled, selecting Disabled will delete all Users’ current MFA configurations. If MFA is then re-Enabled, they will have to go through the MFA setup process again.
• Resetting a User's password from the Edit User screen will require that User to reset their password and complete the MFA setup process again.
• If a User selects the Forgot Password link on Jostle Login Page, they will only need to reset their password and can continue using their current MFA configuration.

Logout configuration

System Admins can configure the logout behavior of the Jostle platform at Admin Settings > Governance > Manage Login Credentials.

If you have computers that are shared by multiple Users, make sure a System Admin enables automated login and sets it to an appropriately short duration.

Automated login is configured separately for logins from a mobile device. Minimizing the requirement for Users to log back in on mobile is usually your best strategy.

Disabling/Re-Enabling login

To block a Users ability to login, System Admins should follow theses steps:

1. Go to Admin Settings > User Accounts and Data > Edit, Invite, Disable Users
2. Search for the user and then click EDIT next to their name
3. Go to the Login and Security column and under Login Status, select Disabled or Suspended
4. Click Save Changes at the top right corner

To Enable a User that is Disabled or Suspended a System Admin should:

1. Go to Admin Settings > User Accounts and Data > Edit, Invite, Disable Users
2. Search for the user and then click EDIT next to their name
3. Go to the Login and Security column and under Login Status, select Enabled
4. Click Save Changes at the top right corner

Note: These actions can also be done on multiple Users in bulk via CSV (by changing a user's value under AccountState from "ACTIVE" to "DISABLED" or to "SUSPENDED"). For information on how to bulk manage data, please see this article.

Biometric Login

System Admins can allow Users to use their fingerprint or facial authentication settings to login at Admin Settings > Governance > Manage Login Credentials. This feature is available to Users who log in using a Jostle username and password (Jostle Credentials). Jostle's settigns here to not impact Users who log in with SSO or Google Open ID. You can find more information about Biometrics here.

Password requirements

Password requirements are set by System Admins aa Admin Settings > Governance > Manage Login Credentials. At the bottom ,you will find the Password Settings section. Here you can enforce strong passwords and/or have users change their passwords after a certain number of days.

If you choose to enable strong passwords, Users will get the a screen that makes it easy for them to meet the requirements.

Resetting all Jostle passwords

If, for example, you have a security incident and need to reset all Jostle-managed passwords, a System Admin can Admin Settings > Governance > Manage Login Credentials and click Reset Passwords at the very bottom of the page.