Once you understand how authentication works in Messages XR Enterprise, you are ready to enable and configure your selected authentication option. This article will show you how!
This is a Help for District Administrators article, providing comprehensive support for those with the highest level of access as they help their communities get started with Messages XR Enterprise.
Prerequisite
Before you enable and configure your authentication, make sure you understand all of the options in the article, “Authentications in Messages XR Enterprise.” Then, you can use this article to walk you through the configuration steps for the method(s) of your choice.
Navigate to the authentication area in Global Settings
- Navigate to the Global settings tab in Settings.
- Scroll down to the Authentication settings to open them up into a new window.
Configure authentication settings
Let’s walk through the settings you see on the main Authentication area from top to bottom:
Login help text
Enter the details that you want to include when users experience difficulty logging in to the app.
Forgot password link
Select or clear the Forgot Password link from either the web interface or the mobile app.
Terms and conditions
Writing terms and conditions for users entering an authentication method is crucial to ensure legal protection, inform users of their responsibilities, and maintain privacy and security. When mobile app users log in, they will see the Terms and Conditions link, which sends them to this information. Get help writing these at https://www.termsfeed.com/blog/write-terms-conditions/.
Third-party login options
Enable and configure Facebook authentication
- Check this box to enable Facebook authentication on your platform.
- Facebook authentication is convenient and secure for school communication platforms, using familiar login methods and integrating seamlessly.
- When users log in with Facebook, their profile and email address are shared, verified, and saved, ensuring quick and easy access. During the initial login, users enter their credentials, and the Facebook profile information is sent to the Messages XR Enterprise product, where it is verified and stored. For future logins, Facebook automatically passes the necessary information, streamlining authentication without rechecking the email address.
Enable and configure Google authentication
- Check this box to enable Google authentication on your platform.
- Google authentication is a good option because it combines robust security, user convenience, seamless integration, and reliability, and supports single sign-on (SSO) for a streamlined and secure login experience.
- When users click "Sign In using Google," they enter their email or phone number and password on the Google Account sign-in page. If the login information is correct, the Google API passes the email and Google ID to the Community Engagement product, where it is verified and stored if it's the user's first time logging in. For subsequent logins, the stored Google ID ensures seamless authentication without rechecking the email address.
Enable and configure Apple authentication
- Check this box to enable Apple authentication on your platform.
- Apple authentication ensures secure user verification by using methods such as Sign In with Apple, which employs Face ID, Touch ID, or passcodes, and two-factor authentication (2FA). It also prioritizes user privacy by minimizing data sharing and allowing users to control what information is shared with apps and websites. This combination of security measures and privacy protection provides a seamless and trustworthy login experience.
Import login/password
These settings determine whether or not to update a user's login name and password during user data imports from the Import Login/Password Updates area.
- Checking the box will update a user’s login name and password during user data imports.
- Leaving the box unchecked means the user’s login name and password are not updated and will remain as they are before the import.
Community Messenger
The Community Messenger feature enables users to subscribe to district and school updates using a special subscription field on your login screen. This is a perfect use case for extended family members and friends of the district to be included in message sends.
Important Note
Subscribing in this way doesn't mean that community members will receive each and every message that is sent out, but only those where the Community Member group is selected in the List tab of Select recipients.
The user journey
- Once you have enabled Community Messenger, a user will see the Sign up button on the login page and/or wherever else you choose to embed this sign up form.
- When they click it, users in the Community Member role will see a Notification sign up page where they enter personal info and contact info and check the boxes next to the types of news they would like to receive.
The setup process
- Enable: In Global Settings > Authentication settings, locate the Community Messenger section. Check the box next to Enable. Then, you will see a banner with a “Sign up” button at the bottom of your login screen.
- Allow login: Check the Allow login box if you would like the person to be able to log in as the Community Member role.
- Code to embed: Copy this code to embed the Community Messenger sign-up form by pasting it onto your website.
- Select Community Member group: When sending a message, be sure to select the Community Member group.
- Share this article with your community to help them learn how to sign up: "Help your community members sign up to receive communications."
Enable and configure LDAP authentication
With this feature, you can use your LDAP database for user authentication.
- Once you enable the feature, set the server and certificate information.
- LDAP server URI: Enter the LDAP server URI into this field.
- LDAP CA certificate: Upload the certificate file here.
- Allow self-signed certificate: Check this box to allow an SSL/TLS certificate to be uploaded that is not signed by a trusted Certificate Authority but only signed by the entity who created it.
Important Note
A self-signed certificate does not provide the same level of trust and validation as one signed by a trusted Certificate Authority; therefore, understand the security implications before checking this box.
- Use STARTTLS (Start Transport Layer Security): This is a protocol command used to upgrade an existing, unencrypted connection to an encrypted one using TLS, helping to secure the communication between the LDAP client and server without needing to establish a separate, secure connection from the beginning.
- Enable LDAP DN Lookup: This setting allows you to configure your LDAP server or client to allow searches based on Distinguished Names (DNs). When LDAP DN Lookup is enabled, you can perform searches using the DN of an entry to find specific information within the directory. This is useful for locating users, groups, or other directory objects quickly and accurately.
- LDAP base DN / Binding username / Binding password: These fields enable the LDAP client to connect to the LDAP server, authenticate, and perform searches or modifications starting from the specified Base DN. You can obtain the information for these fields from your LDAP administrator and in the files of the LDAP server.
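A pre-save check for the LDAP settings described above, as an added example that is not part of the product or of the original article. The dictionary keys are hypothetical names for the fields on the settings page, and the host and file names are constructed.

```python
from urllib.parse import urlparse

def audit_ldap_settings(s):
    """Return (transport, findings) for a dict of LDAP settings.

    Keys are hypothetical stand-ins for the fields on the settings page.
    """
    uri = urlparse(s.get("server_uri", ""))
    scheme = uri.scheme.lower()
    if scheme not in ("ldap", "ldaps") or not uri.hostname:
        return "invalid", ["server URI must look like ldap://host or ldaps://host"]

    findings = []
    if scheme == "ldaps":
        transport = "tls"        # encrypted from the first byte
        if s.get("use_starttls"):
            findings.append("STARTTLS is redundant with ldaps://; pick one")
    elif s.get("use_starttls"):
        transport = "starttls"   # plain connection upgraded before the bind
    else:
        transport = "cleartext"
        findings.append("binding password and user passwords cross the "
                        "network unencrypted")

    # Certificate settings only matter once the channel is encrypted.
    if transport != "cleartext" and s.get("allow_self_signed"):
        findings.append("self-signed certificate allowed: server identity "
                        "is not validated by a trusted CA")
    return transport, findings

# Constructed sample settings: a weak configuration beside a corrected one.
WEAK = {"server_uri": "ldap://ldap.example.org:389",
        "use_starttls": False, "allow_self_signed": True}
HARDENED = {"server_uri": "ldap://ldap.example.org:389",
            "use_starttls": True, "allow_self_signed": False,
            "ca_certificate": "district-ca.pem"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg))
```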
Enable and configure SAML authentication
Use your SAML single sign-on for user authentication.
- Once you enable this feature, set the third-party identity provider information.
- To embed a login widget to your district or school website, copy the Login Widget embed code.
- Enable IdP XML Metadata: This involves uploading or entering the metadata for your Identity Provider (IdP). You can usually find this metadata file on your IdP's website or documentation. It contains important information like the issuer's URI, SSO service URI, and public keys.
- Clear XML: If you need to remove the current metadata, you can clear the XML field to start fresh and upload a file here.
- SAML SSO Login Label: This is the label or name displayed on the login page for Single Sign-On (SSO). It helps users identify the SSO option they should select. For example, "Parentlink.net SSO" would be the label for the SSO option provided by Parentlink.net.
- SSO Roles: These are the roles or permissions assigned to users after they successfully authenticate via SSO. You can map these roles to specific user attributes or groups defined in your IdP.
To access this information, you can:
- Log in to your Identity Provider (IdP) to download the metadata file and configure the necessary attributes and roles.
- Log in to your Service Provider (SP) to upload the metadata file, set the login label, and configure the SSO roles.
Login widget
Use the code in this box to embed a login widget onto areas of your website. You can click Preview Widget to see what it will look like once embedded.