/monetization-web-docs/categories/security/Recent content in Security on Monetization Web Docs | Tridens TechnologyHugo -- gohugo.ioen/monetization-web-docs/security/access-logs/Mon, 01 Jan 0001 00:00:00 +0000/monetization-web-docs/security/access-logs/ <p>To access this section in <strong>Monetization</strong>, from the <i class="fa fa-bars" aria-hidden="true"></i> <strong>Menu</strong>, select <i class="fa fa-user" aria-hidden="true"></i> <strong>User management</strong>, and click <strong>Access logs</strong>. A paginated list of users&rsquo; activities from a specific period is shown in a tabular format.</p> <p><strong>Access time</strong> denotes the date-time the information was accessed; <strong>User</strong> indicates the individual that accessed the information. The <strong>Details</strong> represent the API endpoint that was accessed.</p> <div class="alert alert-primary" role="alert"> <h4 class="alert-heading">Note:</h4> At the moment, only the <strong>Customers</strong> endpoints are being tracked. </div> <div class="alert alert-info" role="alert"> <h4 class="alert-heading">Information:</h4> You can filter access logs by date-time, data type (user/customer), user ID, or/and customer ID. </div>/monetization-web-docs/security/authentication-settings/Mon, 01 Jan 0001 00:00:00 +0000/monetization-web-docs/security/authentication-settings/ <p>Authentication is a critical part of securing your <strong>Monetization</strong> environment.<br> The platform allows administrators to define how users log in, how long sessions remain active, and what security measures (such as Multi-Factor Authentication) are required to protect accounts.</p> <p>To configure authentication settings:</p> <ol> <li>Open the <i class="fa fa-bars" aria-hidden="true"></i> <strong>Menu</strong> (bottom left, click on your username).</li> <li>Select <i class="fa fa-user" aria-hidden="true"></i> <strong>Business Portal</strong>.</li> <li>Click <strong>Security</strong>.</li> </ol> <p>The <strong>Authentication Settings</strong> page is displayed.</p> <p><img src="../security-authentication-authentication-settings-page.png" alt="Authentication Settings Page"></p> <hr> <h3 id="available-settings">Available Settings</h3> <h4 id="session-timeout">Session Timeout</h4> <p>The <strong>session timeout</strong> determines how long a user can remain inactive before being automatically signed out.<br> This helps protect against unauthorized access if a user forgets to log out.<br> Enter the duration in seconds (e.g., <code>300</code> for 5 minutes).</p> <blockquote> <p><strong>Tip:</strong> For production environments, we recommend setting a shorter session timeout (e.g., 10–15 minutes) to minimize security risks.</p> </blockquote> <hr> <h4 id="single-sign-on-sso-providers">Single Sign-On (SSO) Providers</h4> <p>Single Sign-On (SSO) enables users to log in with their existing accounts from trusted providers, reducing the need for separate credentials.<br> Monetization supports several SSO integrations out of the box:</p> <ul> <li><strong>Google</strong> – Allow users to authenticate using their Google Workspace or Gmail account.</li> <li><strong>Twitter</strong> – Enable login with Twitter credentials.</li> <li><strong>Facebook</strong> – Allow authentication via Facebook accounts.</li> <li><strong>Microsoft Entra ID</strong> – Integrate with Microsoft’s enterprise identity service (formerly Azure AD).</li> <li><strong>Custom OIDC Provider</strong> – Configure any identity provider that supports the OpenID Connect (OIDC) standard.</li> </ul> <p>You can enable one or more providers depending on your organization’s needs.<br> For example, enterprises typically use <strong>Microsoft Entra ID</strong> or <strong>Google Workspace</strong>, while customer-facing applications may offer <strong>social logins</strong> like Facebook or Twitter.</p> <p>👉 See our step-by-step guide: <a href="https://tridenstechnology.com/how-to-set-up-sso/">How to Set Up Keycloak as an Identity Provider for Entra ID SSO</a></p> <p><img src="../security-authentication-identity-providers-page.png" alt="Create Identity Provider"></p> <hr> <h4 id="multi-factor-authentication-mfa">Multi-Factor Authentication (MFA)</h4> <p>Multi-Factor Authentication (MFA) requires users to provide an additional verification method (such as an authenticator app or SMS code) during login.<br> Enabling MFA significantly improves account security by ensuring that a stolen password alone cannot be used to access the system.</p> <p>To enable MFA, toggle the <strong>Multi-Factor Authentication</strong> switch. Once enabled, all users will be required to complete MFA when signing in.</p> <hr> <h4 id="password-policy">Password Policy</h4> <p>A strong password policy is essential to prevent brute-force attacks and ensure account safety.<br> Administrators can configure the following rules:</p> <ul> <li><strong>Minimum password length</strong> (recommended: 12 or more characters).</li> <li><strong>Maximum password length</strong>.</li> <li><strong>Password expiration</strong> (maximum password age in days).</li> <li><strong>Complexity requirements</strong>: <ul> <li>At least one uppercase letter.</li> <li>At least one lowercase letter.</li> <li>At least one digit.</li> <li>At least one special character.</li> <li>Restrict use of email or username in the password.</li> </ul> </li> </ul> <p>These policies ensure that users create secure and unique passwords that are harder to guess or reuse.</p> <hr> <h3 id="saving-changes">Saving Changes</h3> <p>Once you have updated the settings, click <strong>Submit</strong> to apply and save the configuration.<br> Changes take effect immediately for all new logins and sessions.</p> <hr> <h3 id="best-practices">Best Practices</h3> <ul> <li><strong>Always enable MFA</strong> for production environments.</li> <li><strong>Use SSO</strong> whenever possible to centralize identity management and reduce password fatigue.</li> <li><strong>Set strong password policies</strong> (minimum length of 12–16 characters with complexity rules).</li> <li><strong>Adjust session timeout</strong> based on compliance or security needs (shorter timeouts for high-security accounts).</li> </ul>