Setting up Invotra Auth

With Invotra Auth, you can authenticate via multiple identity providers and have the option to activate multi-factor authentication (MFA) via SMS.

Note: Invotra Auth is backed by AWS Cognito, which acts as an overarching authentication layer for enhanced security and is compatible with SAML 2.0.

The following are the steps to set up Invotra Auth for your site:

 
Part 1 Authentication
  1. Navigate to ‘Administration’ settings
  2. Select the ‘Authentication’ option located under ‘Global settings’

Blocked users

From ‘Authentication’ you can automatically unblock users when they successfully authenticate via Single Sign-On (SSO):

  1. Tick the ‘Re-activate blocked users if they successfully log in via SSO’ checkbox
  2. Select ‘Save’

Note: This is useful if some users need to leave for extended periods but will return at a later date.

 
Disabling manual login

To disable manual login:

  1. Tick the ‘Disable manual login’ checkbox
  2. Select ‘Save’
 
Show sign out button

To configure the visibility of the sign out button in the user profile menu:

  1. Tick the ‘Show sign out button’ checkbox
  2. Select ‘Save’
 
Identity providers

From the ‘Authentication’ screen, you can see a list of the identity providers that are connected to your Invotra account for SSO.

To connect with a new identity provider (IdP) for SSO:

  1. Select ‘Add new identity provider’
  2. Enter a name for the identity provider, e.g. ‘Google’
  3. Select SAML in the dropdown
  4. Select ‘URL input’ or ‘File upload’, depending on your preferred method of connecting to your identity provider
  5. Enter your identity provider URL or upload your identity provider metadata, depending on the option you chose
  6. Tick ‘Single Sign-Out’ if you also want to log users out of the identity provider when they log out of Invotra
  7. Enter the SAML attributes that are relevant to your organisation

   – SAML attributes let you map fields from your identity provider to the fields in Invotra

   – Email is mandatory but all other fields are optional

   – The ‘SAML attribute’ column is where you enter the name of the attribute as your identity provider sends it, e.g. ‘FirstName’

   – The ‘User attribute’ column then lets you select which Invotra field your SAML attribute is mapped to, e.g. the Invotra field is ‘ForeName’ and the attribute name you entered for it is ‘FirstName’

  8. Select ‘Save’
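
Before saving a mapping like the one in step 7, it helps to check it against a sample assertion from your identity provider. The following is an added example, not Invotra's own code: it parses a constructed SAML 2.0 `AttributeStatement`, applies a planned mapping and reports a missing mandatory email, unfilled optional fields and attributes the IdP sends that nothing maps. The sample assertion, the ‘LastName’, ‘Department’ and ‘Surname’ names and the ‘Email’ field label are assumptions; only ‘FirstName’ and ‘ForeName’ come from this page.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of what an IdP might send (not real data).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="Email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""

# Planned mapping: SAML attribute name -> Invotra user attribute.
# 'ForeName' is from the page; the 'Email' and 'Surname' labels are assumed.
PLANNED_MAPPING = {"Email": "Email", "FirstName": "ForeName", "LastName": "Surname"}

def extract_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def check_mapping(assertion_xml, mapping, email_field="Email"):
    """Apply the mapping; return (user fields, problems, unmapped IdP attributes)."""
    sent = extract_attributes(assertion_xml)
    user, problems = {}, []
    for saml_name, field in mapping.items():
        values = sent.get(saml_name)  # this check compares names exactly, case included
        if values:
            user[field] = values[0]
        else:
            level = "ERROR" if field == email_field else "WARN"
            problems.append(f"{level}: '{saml_name}' not in assertion, '{field}' stays empty")
    unmapped = sorted(set(sent) - set(mapping))
    return user, problems, unmapped

if __name__ == "__main__":
    user, problems, unmapped = check_mapping(SAMPLE_ASSERTION, PLANNED_MAPPING)
    print(user, problems, unmapped, sep="\n")
```

This only compares attribute names and values; it does not validate the assertion's signature, so run it on a sample captured from your own test login rather than on untrusted input.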
 
Part 2 Welcome email

Whenever you create a new user, be it manually or through the user importer, you can trigger a custom welcome email that contains important guidance and links to log in successfully.

  1. Navigate to ‘Administration’ settings
  2. Select ‘Email configuration’ from the ‘Intranet tools’ category 
  3. Add subject in the ‘Subject’ field

Use the tokens we provide, i.e. [site:name] and [user:name]. 

There is a table at the bottom of the page. Tokens will auto-generate text so that your message is personalised for each user.

  4. Edit the email body field
  5. Add a banner image
  6. Add an action title and URL
  7. Select ‘Send test email’ and an email will be sent to the email address in your profile
  8. Adjust and resend tests until you are happy
  9. Save template
 
Part 3 Importing users from a CSV file
  1. Users can be created or updated in bulk by importing a CSV file. Please see steps to access Importer 

  2. User Import structures and field details

Please see CSV formatting rules as a guide when creating CSVs and best practices for imports

 
Part 4 Manually creating and updating users

Steps to Manually create users

Manually updating users:
  1. From the ‘Administration’ page select the ‘User management’ option
  2. With ‘Username’ selected in the first dropdown menu, add the name of the user you would like to search for and select ‘SEARCH’
  3. Select the user from the results displayed
  4. You will be taken to the user’s profile; from here select the ‘EDIT PROFILE’ tab
  5. Update the user’s ‘PERSONAL’ and ‘PROFESSIONAL’ details
  6. Select ‘Save’
  7. Select the ‘ACCOUNT SETTINGS’ tab to update the user’s ‘AUTHENTICATION’, ‘STATUS’, ‘GLOBAL ROLES’ and ‘TIME ZONE’ details
  8. Select ‘SAVE’
 
Part 5 Logging in with Invotra 

Before you can log in to Invotra using Invotra Auth, you need to be sent a welcome email.

  1. Select the link in your email
  2. Add your email and temporary password 
  3. Select ‘Next’
  4. Set new password
  5. Save

If multi-factor authentication is enabled:

  1. Select the link in your email
  2. Add your email and temporary password 
  3. Select ‘Next’
  4. Add your mobile phone number
  5. Select ‘Send code’
  6. When you receive the code via SMS, enter the code
  7. Select ‘Log in’
  8. If you do not receive the code after 10 minutes, select the ‘Did not receive an authentication code?’ link
  9. Redo steps 4 to 7

Note: If the code does not work, we recommend repeating steps 1 to 7 using the link that is in your welcome email.

Role/permissions: 

Webmasters only