The Username and Password login page


The login page that the user will actually see will depend on his chosen authentication method.

username and password 1

The above image shows the “Username & Password” connection type. The system also allows us to set up this page to use other types of information rather than username, e.g., email or phone. You can configure this on the Authentication Connection. It is important to notice that both requested user credentials are case sensitive. This differs from most traditional login pages where only the password is case sensitive.  The reason we require the unique identifier (username) to be unique is because it is also a claim in our system and claim values are, in fact, case sensitive. Allowing different values would result in claim values that service providers will see as not being the same.

When the user‘s password is expired, he will be asked to reset the password after login:

username and password 2

 

After successfully changing the password, the user will be able to return to the login page. Note: for security reason, if the number of times user input wrong old password exceeds value specified by Maximum number of allowed authentication attempts before password must be reset, that user will be disabled to prevent brute-force password attack.

username and password 3

 

Identify provides the “Forgot password? Click here!” feature to help users retrieve lost passwords. Simply fill in the form and we will email you the instruction.

username and password 4

To avoid this page revealing any information about existing names or emails in the system, it will show your request to be successful, regardless of whether the stated email or name does in fact exist in the system. Therefore, it is important that you insert the correct information here or you might be waiting for that email for a very long time.

However, there are also other reasons why an email might not be sent. Validate the following settings of your system if you do not think this feature is working properly:

  • Ensure that a claim has actually been specified in the system as the one containing users’ emails (on the ‘System Setup’ tab).
  • The system only allows one request per hour per user to avoid spamming.
  • Ensure that you configured the mail server correctly (on the Email Configuration page).
  • Ensure that the email did not end up in your mail system’s spam filter.

After five failed attempts to access, the user account will be closed down and require the reset password feature to re-enable the account. After receiving the reset password email, you can navigate to the following page via the reset link:

username and password 5

This article only explained the process of logging in. If you are interested in actually setting up this page, please go to the Username & Password Authentication Connection.