Authentication

User management and authentication in Appivo

Authentication Guide

Appivo provides complete user management out-of-the-box. Learn how to configure authentication for your applications.

Built-in User Management

Every Appivo application automatically includes:

| Feature | Description |
|---|---|
| User Registration | New user sign-up |
| Login/Logout | Session management |
| Password Encryption | Secure storage |
| Password Reset | Self-service recovery |
| Profile Management | User can update their info |
| API Key Generation | For integrations |
| Two-Factor Auth | Optional 2FA |

User Registration

How It Works

  1. User fills out registration form
  2. Appivo creates user account
  3. Password is encrypted automatically
  4. Welcome email sent (if configured)
  5. User can log in

Registration Configuration

Configure registration in Security Settings:

| Setting | Description |
|---|---|
| Allow Registration | Enable/disable self-signup |
| Required Fields | Which fields are mandatory |
| Email Verification | Require email confirmation |
| Default Role | Role assigned to new users |

Login and Sessions

Session Management

Appivo handles sessions automatically:

  • Secure session tokens
  • Automatic session expiration
  • Session refresh on activity
  • Multi-device support

Session Configuration

| Setting | Description | Default |
|---|---|---|
| Session Timeout | Idle timeout | 30 minutes |
| Max Sessions | Concurrent logins | Unlimited |
| Secure Cookies | HTTPS-only | Enabled |
| Remember Me | Extended sessions | Optional |

Password Management

Password Policies

Configure password requirements:

| Policy | Description |
|---|---|
| Minimum Length | Required character count |
| Complexity | Required character types |
| Expiration | Force periodic changes |
| History | Prevent reuse |
| Lockout | Failed attempt limits |

Password Reset Flow

  1. User requests password reset
  2. Email sent with reset link
  3. User clicks link (time-limited)
  4. User sets new password
  5. All sessions invalidated
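The reset flow above, sketched as an added example (not Appivo's own code) to show why the link is time-limited and single-use and why step 5 drops every session. All function and variable names, the 15-minute lifetime, and the PBKDF2 password storage are assumptions made for illustration; the sample user and sessions are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names throughout; this is not Appivo's implementation.
LINK_TTL_SECONDS = 15 * 60      # assumed value for the "Link Expiration" setting
PBKDF2_ROUNDS = 600_000         # assumed password-storage parameters

reset_tokens = {}               # sha256(token) -> (user, expires_at)
sessions = {"alice": {"sess-laptop", "sess-phone"}}   # constructed sample data
passwords = {}                  # user -> (salt, derived key)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def request_reset(user, now=None):
    """Steps 1-2: create a random token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    reset_tokens[_digest(token)] = (user, now + LINK_TTL_SECONDS)
    return token                # goes into the emailed link, never into logs


def complete_reset(token, new_password, now=None):
    """Steps 3-5: redeem the token once, set the password, drop all sessions."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(_digest(token), None)   # pop makes it single-use
    if entry is None:
        return False            # unknown or already-used token
    user, expires_at = entry
    if now > expires_at:
        return False            # link expired; the user must request a new one
    salt = secrets.token_bytes(16)
    passwords[user] = (salt, _derive(new_password, salt))
    sessions[user] = set()      # step 5: every existing session is invalidated
    return True


def check_password(user, candidate):
    salt, stored = passwords[user]
    return hmac.compare_digest(stored, _derive(candidate, salt))
```

Storing only the token's hash means a leaked token table cannot be replayed as reset links, and clearing sessions ensures anyone who was already logged in with the old password is signed out.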

Reset Configuration

| Setting | Description |
|---|---|
| Link Expiration | How long reset link is valid |
| Email Template | Custom reset email |
| Redirect URL | Where to go after reset |

Two-Factor Authentication

Enabling 2FA

  1. Navigate to Security Settings
  2. Enable Two-Factor Authentication
  3. Choose methods:
    • SMS codes
    • Authenticator apps
    • Email codes
  4. Set enforcement level

2FA Settings

| Setting | Description |
|---|---|
| Optional | User can enable if desired |
| Required | All users must enable |
| Role-Based | Required for specific roles |

User Roles

Assigning Roles

Assign roles to users for access control:

  1. Navigate to Users
  2. Select a user
  3. Go to Roles tab
  4. Add or remove roles
  5. Save changes

Role Assignment Methods

| Method | Description |
|---|---|
| Manual | Admin assigns roles |
| Default | Automatic on registration |
| Group-Based | Inherit from groups |
| Dynamic | Based on attributes |

User Groups

Creating Groups

Organize users into groups:

  1. Navigate to Groups
  2. Click Add Group
  3. Name the group
  4. Add members
  5. Assign roles to group

Group Benefits

  • Assign roles to many users at once
  • Organize users by department/team
  • Simplify permission management
  • Easier bulk operations

Profile Management

User-Editable Fields

Configure which fields users can update:

| Field | User Editable |
|---|---|
| Name | Yes |
| Email | Configurable |
| Password | Yes |
| Photo | Yes |
| Phone | Configurable |
| Roles | No |

Profile Settings

Navigate to profile configuration:

  1. Go to User Interfaces
  2. Configure profile view
  3. Set editable fields
  4. Add validation rules

API Authentication

API Keys

Users can generate API keys for integrations:

  1. User goes to profile settings
  2. Clicks Generate API Key
  3. Key is displayed once
  4. User stores key securely

API Key Properties

| Property | Description |
|---|---|
| Name | Descriptive label |
| Permissions | What key can access |
| Expiration | Optional expiry date |
| Usage Limits | Rate limiting |

Using API Keys

Include in requests:

Authorization: Bearer YOUR_API_KEY

Single Sign-On

Supported Providers

Appivo can integrate with identity providers:

  • SAML 2.0
  • OAuth 2.0
  • SCIM 2.0

SSO Configuration

  1. Navigate to Integrations
  2. Select Single Sign-On
  3. Configure your identity provider
  4. Map user attributes
  5. Test and enable

Security Best Practices

For Administrators

  1. Enforce strong password policies
  2. Enable 2FA for sensitive roles
  3. Review user access regularly
  4. Monitor login activity
  5. Disable inactive accounts

For Users

  1. Use strong, unique passwords
  2. Enable two-factor authentication
  3. Don't share credentials
  4. Log out on shared devices
  5. Review active sessions

Troubleshooting

User Can't Log In

  • Verify account exists
  • Check if account is locked
  • Reset password if needed
  • Check for 2FA issues

Session Issues

  • Clear browser cookies
  • Check session timeout settings
  • Verify secure cookie configuration
  • Test in different browser

Password Reset Not Working

  • Check spam folder
  • Verify email address
  • Check link expiration
  • Review email configuration
