SOP-5-I-42Q-MES0152 Identity Access Management
42Q Home >Account Services > Identity Access Management
Account Services
Identity Access Management
Version MES15.70
Revision B1
Contents
Introduction
42Q IAM (Identity Access Management) is the unified login management to the42Q portal; it provides adaptive solutions to support different policies and guarantee the authentication/authorization with a more secure mode.
This document introduces the two forms of authentication:
Enterprise Authentication
Local Authentication
When the user enters the 42Q portal URL the system redirects to the unified login page:
Figure 1: IAM Unified Login Page
https://lh4.googleusercontent.com/9HSFDsyxdMZCrZt9zHX9ptrlkN5cq5SjGi1n6tnD4uaJpCIIC98bGlbaxuZ7tzV_tHhFKb7IJM8cAOLwXj3gwagH6xXOssxZZ5-02pQbd5SYQ7eHDztlkUXYMNlCMqR14Wwtm-xY
42Q has two types of Enterprise Authentication: Federated and Non-Federated setups as explained below:
Enterprise Authentication with Federation Setup
42Q IAM supports Federated authentication, this allows users to pass authorized credentials to the portal. The Enterprise account with federation setup allows users to log in with the UID or email address,if the account is created by email address, users need to log in with their email address.
To access, as an Enterprise Authentication with Federation Setup user, follow the steps below:
Enter UID or email address in the Username field at the unified login page.
Select the button Next.
- The system redirects the users to the SAML authentication.
- Enter the Username and Password, then select the Submit button.
Figure 3: Enterprise Account with Federation Setup
-
Enterprise Authentication without Federation Setup
Enterprise accounts without federation setup will prompt from password and validate credentials with the previously configured enterprise for that instance. Users are allowed to log in with their username, the username can be UID or email address To access 42Q, as an Enterprise user without federation, follow the steps below:
Enter the Enterprise account in the Username field at the unified login page.
Select the Next button.
Figure 5: Enterprise Account without Federation Login
- The system will ask users to input the password.
Figure 6: Input Password Form https://lh6.googleusercontent.com/lKwRCXW6sPXvtPNHgQWTB1BbSRrp4cdp2ST99z3CCbf41NZT8puMAHMVs8U0TLh-qwOyspQXBZCRcpdVHcSk-OIoVPFz6CEZrhptRbqHb4H9_0Wg89sh6e-rX37mhbirZ0ocuf6-
- Once the username and password are valid, the system redirects to the 42Q home page with the user signed in.
Figure 7: Enterprise Account Login 42Q Portal
-
Local Authentication
42Q IAM also supports Local authentication; in the example below, the username is one Local user.
Also, Local users can be set up with alphanumeric, or email format.
Figure 8: Local Account
https://lh5.googleusercontent.com/zD1F7OcAxKvasIbpUF-VNpToa1LwmHtUpPRunDGklU46epBeIqBOrhaP244eYiJWy-Oq9aFdUL6uD5fF8K0CyyLQ4mwWgp07hn1J5JXQ6IlOKSM-qsUz-3QhBfaS2QfDa0dfg0ql To access 42Q, as a Local user follow the steps below:
Enter the Local user account in the Username field at the unified login page.
Select the Next.
- The system will ask users to input the password.
Figure 9: Local Account Login
- Once the username and password are valid, the system redirects to the 42Q home page with the user signed in.
Forgot Password
When users forget their password, they can reset their password by clicking the Forgot password? link on the landing page, is option is available for Local Users. Once clicked, users will be redirected to the Account Services to reset the password and the users supervisor or support team will provide assistance for password changes.
For Enterprise users, an email will be provided with the following information concerning password changes. An expired link will be emailed to users with a link provided to change the desired password.
Figure 10: Forget Password
https://lh4.googleusercontent.com/A5s4iGBdbI6_FJXqZ-tPa2ZJgt51xt9-QAivSkXLDbCgn4Dk6VrxImV7SlPfRzfF4DUM453FFzQxSo__ylxprSD6my4Jaf3S-ZoXPKlGCNJxx5lGUFR0gLG2XLeam6uCNf68ZhTT
Note: In 60 days (default value) local users will have to change their password and if they haven't had a chance to log into the system during that period, their account will be inactivated.