Enabling login/logout (SSO users)
The Login settings can be found by clicking the Admin Settings link in the Main Navigation and then going to Governance > Manage Login Credentials. Here you will find multiple options to help configure the login settings for users within your organization.
At the top you will find the basic Login settings, which will vary depending on what kind of setup you have chosen for your platform. Here you can choose whether to disable passwords and whether logging out of Jostle will also log you out of your SSO system. We strongly recommend that Password logins always remain enabled for security reasons. If you use your SSO system for other services in addition to Jostle, we recommend keeping the Jostle logout separate from your SSO system. For information on SSO Mobile login options, see this article.
Setting up OpenID logins for orgs that are not integrated with Google
OpenID authentication (the protocol used by Google) is available as a login option for all orgs, not just orgs that are integrated with Google and/or that did their Jostle setup via the Google Workplace Marketplace.
If your org isn't integrated with Google, but you would still like to enable OpenID authentication for your Jostle platform, please contact Support or your Customer Success Manager for assistance with this request.
Once you have been informed that your account has been updated, you should see this setting at the top of your screen in Administration Settings > Governance > Manage Login Credentials:
Next, do the following:
- Across from "Google OpenID logins" click Enabled.
- Scroll down and click Save at the bottom of your screen.
- Exit to the Administration Settings main page and then return to Governance > Manage Login Credentials.
- You should now see both Jostle and Google login options at the top of your screen. Ensure they are both Enabled (see below).
- Scroll down and click Save again.
NOTE—you should now be able to use OpenID authentication for your platform; however, there is one more possible step you may need to take first:
Update any accounts already using a Google/Gmail email
Since your system is now going to accept OpenID authentication, you need to properly identify any accounts that already use Google credentials. So, for any users that were already using a Google/Gmail email address on their account, you'll need to do the following:
- Go to Administration Settings > User Accounts and Data > Edit, Re-invite, and Disable Users
- Pull up one of the users and select EDIT next to their name
- On the Edit User screen, scroll down to Login Authentication Method and switch it from "Jostle credentials" to "Google credentials".
- Scroll down and click Save.
Clicking Save will automatically trigger a login update email for the user, so they can sign in with their Google credentials and have their updated settings applied without any discrepancy issues.
Enabling Multi-Factor Authentication (MFA)
Enabling Multi-Factor Authentication (MFA) for your platform provides an additional layer of security for your organization.
To log in with MFA, users will first be required to install and set up an authenticator app (for example, Google Authenticator) on their mobile device or tablet. Then, users will be required to enter their account password as well as a one-time, randomly generated passcode from the authenticator app in order to successfully log in.
Requiring a user’s knowledge (their password) and a user’s possession (their mobile device) in order to verify their identity can ensure the security of your platform far beyond basic password protection.
When creating your login settings there is the option to make MFA login Mandatory, Optional or Disabled for your users and/or System Administrators. It is recommended that it at least be enabled for all System Admins within your organization.
To set up Multi-Factor Authentication:
- Go to Administration Settings > Governance > Manage Login Credentials
- Under Multi-Factor Authentication (MFA) select your option.
- Scroll down and click Save.
- Selecting "Mandatory" will automatically check off "Required for System Admins".
- If MFA is currently enabled, selecting "Disabled" will delete all users’ current MFA settings. If MFA is then re-enabled, they will have to go through the MFA setup process again.
- Resetting a user's password from the Edit User screen will require that user to reset their password as well as complete the MFA setup process again.
- If a user selects the "Forgot Password" link on a login screen, they will only need to reset their password and can continue using their current MFA configuration.
Also in Administration Settings > Governance > Manage Login Credentials, you'll find options to configure automatic logout from Jostle. You can set the time duration after which an automatic logout occurs; this can help with user account security if Jostle is being used on on-site computers within your organization. Automatic logout is also available for mobile, and can be left disabled if users frequently use the mobile app on their personal devices.
If you need to disable/re-enable someone's login:
1. Go to Administration Settings > User Accounts and Data > Edit, Invite, Disable Users
2. Search for the user and then click EDIT next to their name
3. Go to the Login and Security column and under Login Status, select Disabled
4. Click on Save changes at the top of the screen

To re-enable a user, follow Steps 1-4 above, but select Enabled for Step 3.
NOTE—this action can also be done on multiple users in bulk via CSV (by changing a user's value under AccountState from "Active" to "Disabled"). For information on how to bulk manage data, please see this article.
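For the bulk CSV route described above, here is an added example (not Jostle's own tooling) that prepares the edited file and reports exactly which rows changed before anything is uploaded. Only the `AccountState` column and its "Active"/"Disabled" values come from this page; the `Email` and `FirstName` columns and the sample rows are constructed assumptions, so check them against your real export.

```python
import csv
import io

# Constructed sample export; only AccountState and its values come from the page.
SAMPLE = (
    "Email,FirstName,AccountState\n"
    "ana@example.com,Ana,Active\n"
    "ben@example.com,Ben,Active\n"
    "cy@example.com,Cy,Disabled\n"
)

def disable_accounts(csv_text, emails, key_col="Email"):
    """Flip AccountState from Active to Disabled for the listed users only.

    Returns (new_csv_text, report) so the change can be reviewed before upload.
    key_col is a hypothetical identifier column; adjust to the real export.
    """
    targets = {e.strip().lower() for e in emails}
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = reader.fieldnames or []
    for required in (key_col, "AccountState"):
        if required not in fields:
            raise ValueError(f"missing column: {required}")

    report = {"disabled": [], "unchanged": [], "not_found": []}
    rows, seen = [], set()
    for row in reader:
        email = row[key_col].strip().lower()
        if email in targets:
            seen.add(email)
            if row["AccountState"] == "Active":
                row["AccountState"] = "Disabled"
                report["disabled"].append(email)
            else:
                # Already disabled (or in another state): leave untouched.
                report["unchanged"].append(email)
        rows.append(row)
    # Names that matched no row usually mean a typo or a stale offboarding list.
    report["not_found"] = sorted(targets - seen)

    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), report

if __name__ == "__main__":
    new_csv, report = disable_accounts(
        SAMPLE, ["Ben@Example.com", "cy@example.com", "dee@example.com"])
    print(new_csv)
    print(report)
```

Review the `not_found` and `unchanged` lists before uploading: an account you meant to disable that never matched a row stays active.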
At the bottom you will find the Password settings, which can be used to help reduce security risks. You can choose to enforce strong passwords and/or have users change their passwords after a certain number of days.
If you choose to enable strong passwords, contributors will get the following screen letting them know the password requirements.
You can also manually have all users change their passwords upon their next login by clicking ‘Reset passwords’ at the very bottom of the page.