Versions Compared

Version Old Version 2 New Version 3
Changes made by

Megan Ellis

Megan Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column

 is a multi-tenant application. Tenants allow you to segregate groups of users and roles. Users from one tenant cannot access users in any other tenant. Note: this does not apply to public forms/workflows which do not require login access to a tenant.

The  In-house superuser admin can create as many tenants on your form server as needed. Once the superuser admin creates the tenant, the tenant admin user can then login to manage the tenant, configure LDAP, add users & roles, etc. See the Admin Home Page for differences between the superuser admin and tenant admin. 

Info

trial tenants in the cloud are initially configured with the frevvo Default security Manager. Once you have purchased your license, you can switch the Security Manager of your tenant and retain existing forms/workflows, users, roles and submissions.

Tenants using the Default Security Manager can be migrated to:

  • Default Security Manager → LDAP
  • Default Security Manager → SAML  
  • Default Security Manager →  Azure SAML

Tenants using the LDAP Security Manager can migrate to:

  • LDAP → SAML
  • LDAP → Azure SAML

Contact us to purchase or change your security manager.

Column
width35%

On this page:

Table of Contents
maxLevel2

...

  • Are you creating a tenant for Confluence? - Check this if you are planning on integrating with Confluence. If checked, the Security Manager Class field displays the Delegating Security Manager - This is the Security Manager needed for Confluence. The SharePoint section of the screen is hidden. The SharePoint Connector is not available to frevvo Confluence customers as it will not work in embedded scenarios.  If unchecked, the Default Security Manager will be used. 

  • If you are not using Confluence, select a Security Manager Option from the following choices: 

    Section
    Column


    Column
    1. Frevvo Default Security Manager (FSM) -  is responsible for authentication/authorization and managing users/roles. This is the default option. Your tenant will be created with this security manager if no other choice is selected. 
    2. SAML Security Manager - This security manager allows the  exchange of authentication and authorization data between an identity provider of your choice (ex:Shiboleth) and a service provider (frevvo). SSO is supported. Although this security manager can be used on-premise it is primarily meant for cloud tenants who use LDAP but do not want to expose it over the internet.
    3. LDAP Active Directory Security Manager (LDAPSM) - The user is authenticated outside . Typically, SSO or  performs the authentication using LDAP directly.
    4. Azure SAML Security Manager - Allows the on-premises AD to be exposed to the cloud via synchronization with Azure AD. Uses the graph API to access users and groups from AD. SAML is used for authentication only, providing single sign on.
    5. Delegating Security Manager - this is the Security Manger needed for Confluence integration.
    6. Custom - (CSM) - Container managed security manager used when there is a requirement for a container to handle authentication.

  • Tenant ID - Enter Tenant ID - Enter the tenant Id in this field - The tenant id can contain characters, numbers, dot(.), hyphen (-) and the underscore. It cannot start with a number. A common practice is to use your domain name for the tenant id.

  • Tenant Name - Enter the name of the new tenant.
  • Tenant Description - Enter a description for the new tenant.
  • Password Strength - This feature only applies to the Default Security Manager. Tenant admins can set password strength requirements on the Create Tenant or Edit Tenant screens. There are four password strength options (Fair, Good, Strong, Very Strong) or the field can be left blank if you do not want to enforce password strength. Leaving this blank will still require minimum password length of 8 characters. When you change the password strength requirement, users whose passwords do not comply will automatically be prompted to change their password on their next login.
  • Max Concurrent Users - Leave this field blank if you do not want to set a maximum number of concurrent users. Concurrent Users are users that are logged into  simultaneously. You will not see this field if your tenant is configured for the LDAP, SAML or AzureSecurity Managers.
  • Admin User Id - This is the tenant admin id. It can contain characters, numbers and the underscore. It cannot start with a number. The maximum length is 16 characters. This account is used as the built-in admin if you are using the LDAP, SAML or AzureSecurity Managers.
  • Admin User Password - This is the tenant admin password. Notice the text will appear as bullets as you type.
  • Reenter the Admin User Password - Reenter  the tenant admin password.  will display an error message, "Invalid Value" if what you type in this field does not match the contents of the Admin User Password field. This is one way to change the password for the built-in admin if you are using the LDAP, SAML or Azure Security Managers.
  • Change password on next login - Tenant Admins can expire passwords by checking this field. The tenant admin will be prompted to change their password the next time they login.

  • Admin User Email Address - Enter the Email Address for the user id specified in the Admin User Id (built-in admin) field. The tenant admin receives an email with a link if they use the Forget Password? feature to reset their password.

...

Configuring the SharePoint Connector

Store submissions and metadata on a registered SharePoint website using the frevvo SharePoint Connector and wizard. The configuration information is discussed in the SharePoint Connector topic

Configuring the LDAP/Active Directory Security Manager

Creating/editing the LDAP tenant is performed by the superuser (on-premise) or the tenant admin (cloud). Refer to this documentation for configuration details and here for some troubleshooting tips.

Configuring the LDAP Container Security Manager

There are some configuration items that must be performed before creating a tenant using the LDAPContainer Security Manager. Once the prerequisites have been completed, adding a tenant that uses the LDAP Container Security Manager is exactly the same as configuring a tenant using the LDAP/Active Directory Security Manager. Please follow the steps listed here.

...

 

Configuring the SAML Security Manager

Creating/editing the SAML tenant is performed by the superuser (on-premise) or the tenant admin (cloud). Refer to the SAML Security Manager topic for the details.

Configuring the Azure SAML Security Manager

...

  • Admin User Id - This is the tenant admin id. It can contain characters, numbers and the underscore. It cannot start with a number. The maximum length is 16 characters. This account is used as the built-in admin if you are using the LDAP, SAML or Azure Security Managers.
  • Admin User Password - This is the tenant admin password. Notice the text will appear as bullets as you type.
  • Reenter the Admin User Password - Reenter  the tenant admin password.  will display an error message, "Invalid Value" if what you type in this field does not match the contents of the Admin User Password field. This is one way to change the password for the built-in admin if you are using the LDAP, SAML or Azure Security Managers.
  • Change password on next login - Tenant Admins can expire passwords by checking this field. The tenant admin will be prompted to change their password the next time they login.

  • Enter the Email Address for the user id specified in the Admin User Id (built-in admin) field. The tenant admin receives an email with a link if they use the Forget Password? feature to reset their password.

Built-in admin for LDAP, Azure and SAML Security Manager tenants

A Tenant admin can login directly to Live Forms or login with a user id who has been given tenant admin permissions in your Active Directory. Tenants using the LDAP(s) Security Manager now have the ability to configure a built-in admin account. This was not possible for this Security Manager in previous releases.

...

Definitions of Password Strength:

  • none - uses system default, enforces a minimum password of 8 characters
  • Fair - very guessable: protection from throttled online attacks. (guesses < 10^6) Strength meter will indicate "Very weak."
  • Good - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) Strength meter will indicate "Weak."
  • Strong - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
  • Very Strong - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)

A user creating or resetting their password will be required to meet the password strength specified by the tenant admin. Password strength is indicated as the user types by a Password Strength Meter visible below the entry. There are no specific length or character requirements, but the meter will detect the strength of the password based on use of uncommon words or phrases and unpredictable use of capitalization, numbers and special characters. Helpful suggestions appear to prompt the user towards a stronger password. Password length is limited to 100 characters and an error message will appear if user attempts to enter more than 100 characters. Users cannot use their old password or a temporary password as the new password. Here are screenshots of what a user might see if the Tenant Password Strength is set to "Strong." Strong and Very Strong passwords use uncommon words or phrases and unpredictable use of capitalization, numbers and special characters.

...