Logon Settings
General logon settings
Under the General tab of Logon Settings, you can configure the following settings.
CAPTCHA Settings
Login CAPTCHA serves as a security measure against bot-based brute force attacks. Enabling this setting will display a CAPTCHA image on the login page. End-users must enter the characters shown in the CAPTCHA image to log into the Log360 MSSP web portal.
You can configure whether to show CAPTCHA always or only after a certain number of invalid login attempts. Apart from the CAPTCHA image, you can also enable Audio CAPTCHA to assist visually-impaired users.
Steps to enable CAPTCHA:
- Log into Log360 MSSP as an administrator.
- Navigate to Settings → Administration → Logon Settings, and click the General tab.
- Select the option Enable CAPTCHA on the login page.
- Select Always show CAPTCHA if you want users to go through CAPTCHA verification every time they login.
- Select Show CAPTCHA after invalid login attempts if you want only those users who failed at login to go through the CATPCHA verification process.
- Enter the number of invalid login attempts after which the CAPTCHA verification should appear.
- Enter the threshold (in minutes) to reset the invalid login attempts. After the specified time period, the invalid login attempts will be reset.
- Illustration: Consider the following limits:
- Invalid login attempts limit 3
- Reset the invalid attempts limit after 30 minutes
- In the above illustration, if a user fails to login 3 times consecutively in a 30-minute time interval, then a CATPCHA image will be displayed. The user now has to enter the correct credentials, plus the characters shown in the CAPTCHA image, to successfully log into Log360 MSSP.
- Select Enable Audio CAPTCHA to assist visually impaired users.
Note: When audio CAPTCHA is enabled, only digits will be shown in the CAPTCHA image. If a browser doesn’t support audio CAPTCHA, then the default CAPTCHA image (with letters and digits) will be shown.
- Click Save Settings.
Block Users Settings
Using this option you can block users from accessing Log360 MSSP after a certain number of invalid login attempts for a defined time interval. A blocked user cannot log into Log360 MSSP.
Steps to block users:
- Log into Log360 MSSP as an administrator.
- Navigate to Settings → Administration → Logon Settings, and click the General tab.
- Select the option Block users after invalid login attempts.
- Enter the number of invalid login attempts after which users should be blocked.
- Enter the threshold (in minutes) to reset the invalid login attempts. After the specified time period, the invalid login attempts will be reset.
- Enter the number of minutes users should be blocked.
- Illustration: Consider the following limits:
- Invalid login attempts limit ‘3’ within ‘5’ minutes.
- Reset the invalid attempts limit after ’30’ minutes
- In the above illustration, if a user fails login 3 times in a 5-minute time interval, then the user will be blocked from logging into Log360 MSSP for 30 minutes.
- Click Save Settings.
Other Settings
If you want to hide the ‘Forgot Password?’ link in the login page, then enable the Hide ‘Forgot Password?’ link in login page option.
Two-factor Authentication
To strengthen user logon security, Log360 MSSP supports two-factor authentication. Once enabled, Log360 MSSP will require users to authenticate using one of the authentication mechanisms below in addition to the Active Directory credentials whenever they log in.
Setting up 2-factor authentication
- Log in to Log360 MSSP as an administrator.
- Navigate to Settings → Administration → Logon Settings.
- Click the Two-factor Authentication tab.
- Toggle the Two-factor Authentication switch to the ON position.
- Select the authentication methods of your choice from the list provided.
- Click Save Settings.
Note:
- If multiple authentication options are enabled, then the user will be asked to choose one at the time of logging in.
- Make sure you configure the authentication option you’ve chosen by entering all the required details.
Email Verification
When this option is selected, Log360 MSSP sends a verification code via email to the user’s email address. The user has to enter the verification code to login successfully.
Configuration steps:
- Configure mail server settings if not done already.
- Enter a Subject for the email.
- Enter the Message in the box provided.
- Set the priority as per your requirement.
- Click Macros link at the bottom to insert them in the email message.
- Once you are done, click Save Settings.
Once enabled, users will be asked to enroll for two-factor authentication by entering their email address during login.
SMS Verification
When this option is selected, Log360 MSSP sends a verification code via SMS to the user’s mobile number. The user has to enter the verification code to login successfully.
Configuration steps:
- Configure SMS server settings if not done already.
- Enter the Message in the box provided.
- Click Macros link at the bottom to insert them in the SMS.
- Once you are done, click Save Settings.
Once enabled, users will be asked to enroll for two-factor authentication by entering their mobile number during login.
Google Authenticator
Google Authenticator adds an extra layer of protection to the reset password/unlock account process. Once enabled, users will be required to enter a six-digit security code generated by the Google Authenticator app for identity verification.
Configuration Steps:
- Just click Enable Google Authenticator
- Click Save Settings.
Once enabled, users can enroll themselves for two-factor authentication using the Google Authenticator app.
RSA SecurID
RSA SecurID is a mechanism developed for performing two-factor authentication for a user to a network resource. Users can use the security codes generated by the RSA SecurID mobile app, hardware tokens, or tokens received via mail or SMS to log in to Log360 MSSP.
Configuration steps:
- Log in to your RSA admin console (e.g., https://log360-rsa.testdomain.com/sc).
- Go to Applications. Under Authentication Agents, Click Add New.
- Add Log360 Server as an authentication agent and click Save.
- Go to Access. Under Authentication Agents, click Generate Configuration File.
- Download AM_Config.zip (Authentication Manager config).
- Extract sdconf.rec from the ZIP file.
- In Log360 MSSP, under RSA SecurID configuration, click Browse and select the sdconf.rec file.
- Click Save Settings.
Duo Security
Duo Security is a two-step verification service that provides additional security while accessing applications. Users can use the six digit security codes generated by the Duo mobile app or push notification to log in to Log360 MSSP.
Configuration Steps:
- Log in to your Duo Security account (e.g., https://admin-325d33c0.duosecurity.com) or Sign up for a new one and login.
- Go to Applications. Click Protect an Application.
- Search for Web SDK. Click Protect this Application.
- Copy the Integration key, Secret key, and API hostname to Log360 MSSP.
- Click Save Settings.
Note: Please make sure you select the exact username pattern you use in Duo Security.
Microsoft Authenticator
Administrators can add Microsoft authenticator as an additional factor for verifying identities during login.
Configuration Steps:
- Click Enable Microsoft Authenticator.
- Click Save Settings.
Once enabled, users can enroll themselves for two-factor authentication using the Microsoft Authenticator app when they log in to the application.
Custom TOTP Authenticator
In addition to the authenticators mentioned above, you can also add a custom TOTP authenticator as a means of verifying identities, provided the application satisfies the following criteria:
- The application can provide passcodes of varying lengths (6, 7, or 8 characters).
- The application supports any password hashing algorithm that Log360 MSSP utilizes (SHA1, SHA256, and SHA512).
Configuration steps:
- Select Enable Custom TOTP Authenticator.
- Enter the name of the authenticator application.
- Select the Passcode Length and the Passcode Expiration Time from the available options.
- Select the Password Hashing Algorithm of the TOTP authenticator.
- Provide the format in which the username will be displayed in the authenticator.
- Select the logo of the authenticator. The supported formats for the image are PNG, JPG, JPEG, BMP, and GIF. Please ensure the dimensions of the logo does not exceed 45x45 pixels and the size is less than 2MB.
- Click Save.
Note: If the values for the passcode hashing algorithm, passcode expiration time, or the passcode length fields are modified, the user enrollment data for the configured custom TOTP authenticator will be deleted. The enrollment data will also be deleted when this configuration is disabled.
Once enabled, users can enroll themselves for two-factor authentication using the Custom TOTP Authenticator when they next log in to Log360 MSSP.
Backup Verification Codes
Backup verification codes allow users to log in when they don’t have access to their phone or face issues with one of the second-factor authentication method. When enabled, a total of five codes will be generated. A code once used will become obsolete and cannot be used again. Users also have the option to generate new codes.
Enabling backup verification code
- To enable backup verification code, put a check against the Backup Verification Code box.
Registering for backup verification code
- Once enabled, users will be notified to configure their codes when they log in to Log360 MSSP. On clicking Configure Now, they will be taken to the two-factor authentication settings page.
- Users need to click the Manage Backup Verification Codes link to view the codes.
- Users can also download the codes as a text file, print them, get it delivered to their personal email address, or generate new codes.
Using the backup verification code to login
- To use backup verification codes during login, users need to click the Use backup verification codes link in the second-factor authentication page.
- In the backup verification code page, they need to enter one of their backup verification codes and click Verify Code to login.
Managing users for two-factor authentication
As an admin, you can view which authentication method users have enrolled for and remove users’ enrollment for two-factor authentication using the Manage Users option.
To do so, follow the steps below:
- Under the Two-factor Authentication tab, click Enrolled Users.
- In the TFA Enrolled Users pop up, you can view the list of users enrolled for two-factor authentication and the authentication method they have chosen.
- To remove a user, select the user and click the Delete icon.
- Your password will now be reset to the default password "admin".
Note: This process will reset both the default admin password and the two-factor authentication (2FA) settings.