Security

You can manage security-related tasks for accounts and zones from the Settings → Security page.

Account

The account refers to the individual user account. From the Settings → Security tab, you can configure authentication for your account. 

To access the account details, go to the Settings menu () in the console.

Note: Email two-factor authentication is required by default. To access the console, you must use a form of two-factor authentication (email or mobile) or single sign-on.

Two-factor Authentication: Email or Mobile

Email two-factor authentication (2FA) is enabled by default. When you log in to the Automox console using your email address and password, you will also need to enter the verification code sent to your email address.

You can select between email or mobile authentication from the Account > Two-factor Authentication section.

  • When you select Mobile from the Two-factor Authentication section, the next time you log in to the Automox console using your email address and password, you will also need to enter the verification code from the mobile app you are using. See the next section for details about setting up authentication using a mobile method.

Enabling Mobile Two-factor Authentication

You can enable mobile two-factor authentication (2FA) using Google Authenticator, Authy, or other mobile app.

  1. Download a 2FA mobile app such as Google Authenticator or Authy.
  2. Install the app and open it.
  3. From the Automox console, go to Settings → Security and select Mobile from the Two-factor Authentication section.
  4. From the Mobile Two-factor Authentication window, you must scan the QR code with your mobile device to pair it with the Automox console.
  5. Enter the code that appears. Depending on the mobile app you are using, you might need to enter a second code.

Resetting mobile two-factor authentication

If you lose access to the mobile authentication method, contact your administrator to regain access to the user account.

Note: Global Administrators cannot reset 2FA for other Global Administrators. For assistance, please submit a request in our help center.

Zone

Only Zone Administrators have permission to configure the following zone security settings:

  • Login Attempt Settings
  • SAML (single sign-on)

Login Attempt Settings

You can set the number of login attempts to the Automox platform that a user can make within a time frame before the account is locked.

  1. Click Update to open the Login Attempts Configuration dialog box.
  2. You can set the following:
    a. Enter the maximum number of login attempts a user can make within a set time frame.
    b. Enter a time frame in minutes. If the user exceeds the allowed number of login attempts during this time frame, the account is locked.
  3. Click Update.

In this example, the user can attempt to login 5 times within a time frame of 5 minutes. If the user exceeds the number of attempts within the 5-minute time frame, the account is locked.

For assistance, contact Automox Support.

SAML-based Single Sign-on (SSO)

You can enable SAML-based single sign-on (SSO) for all of your Automox users. Automox supports SAML-authentication through Microsoft Entra ID (Azure AD).

Prerequisites: You must have the required permissions to perform this action. See Roles and Permissions.

Note: When SAML-based SSO is enabled, you can no longer sign in using email address and password.

Security Assertion Markup Language (SAML) is a standard for exchanging authentication data between an identity provider and a service provider. With SAML, users can use corporate credentials at a single point of authentication. There are two types of authentication flows. Automox-to-IDP and IDP-to-Automox.

Automox-to-IDP

The Automox-to-IDP authentication flow allows users to provide their email address from the Automox console login page, and be redirected to their configured Identity Provider (IDP) for authentication before being redirected back to the Automox console as the expected user.

For Automox-to-IDP, follow these steps:

  1. From the Settings → Security tab in your Automox console, go to SAML.
  2. Click Enable.
  3. Enter the authentication code for your two-factor authentication (2FA) method.
  4. In the Configure SAML window, enter the following information that is provided by your Identity Provider:
    • Entity ID
    • x509
    • Login URL
  5. Click Save Configuration.

When you save the configuration, the 2FA method is disabled.

IDP-to-Automox

The IDP-to-Automox authentication flow allows users to log into the Automox console directly from their IDP dashboard. This is a common flow in organizations that utilize more than one SSO-enabled service.

For IDP-to-Automox, follow these steps:

  1. From the Settings → Security tab in your Automox console, go to SAML.
  2. Click Enable.
  3. Enter the authentication code for your two-factor authentication (2FA) method.
  4. In the Configure SAML window, switch on Use XML Configuration.
  5. Enter the XML Configuration information and click Save Configuration.

When you save the configuration, the 2FA method is disabled.

Disabling SAML

You can disable SAML-based single sign-on (SSO) for all of your Automox users. 

  1. From the Settings  > Security tab, go to SAML.
  2. Click Disable.
Note: When you disable SAML for an organization, user security settings are automatically updated to require email two-factor authentication. They must re-authenticate their session using email verification.

Related Topics