User Log In Management

The User Log In Management section covers topics related to administering passwords and authentication on your Sugar instance including the use of Active Directory and LDAP.

Topics

Sugar can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if your organization has implemented LDAP or Active Directory authentication. When users in your system attempt to log into Sugar, the application will authenticate them against your LDAP directory or Active Directory. If authentication is successful, the user is allowed to log into Sugar. If the authentication is unsuccessful, Sugar will then attempt to verify the provided credentials against its own database of valid usernames and passwords.

SugarIdentity can be configured to accept Security Assertion Markup Language (SAML) for single sign-on if it is implemented at your organization. If you use SAML and would like to have SAML attributes (e.g. email) map to the SugarIdentity user fields (e.g. email), you will need to set up the attribute mapping in the identity provider (e.g. Okta) using the SAML attribute values listed in the table below. Once the attribute mapping is configured, going forward, when a new SAML user is created or the SAML attributes (e.g. email, title) are modified in the identity provider (e.g. Okta), these changes will sync to SugarIdentity when the user logs into Sugar. This article covers how to configure the SAML attribute mapping for Okta and ADFS.

Sugar/SugarIdentity allows single-sign-on authentication using Active Directory Federation Services (ADFS) and SAML so that it can be integrated with a connected system using a single user ID and password. This article walks through configuring ADFS to allow external authentication using SAML 2.0.

Sugar allows single-sign-on authentication using Active Directory Federation Services (ADFS) and SAML so that Sugar can be integrated with a connected system using a single user ID and password. This article walks through configuring ADFS and Sugar to allow external authentication using SAML 2.0. For more information about external authentication methods, please refer to the Password Management documentation.

Sugar® allows single sign-on authentication using Google and SAML so that Sugar can be integrated with a connected system using a single user ID and password. This article walks through configuring Google and Sugar to allow external authentication using SAML 2.0.

Sugar®/SugarIdentity allows single sign-on authentication using Okta and SAML so that it can be integrated with a connected system using a single user ID and password. This article walks through configuring Okta to allow external authentication using SAML 2.0.

Sugar has a "Forgot Password?" feature that administrators can enable to let users reset their passwords if they forget it. By default, this option is disabled for LDAP authentication purposes. This article explains how to enable the option if you are not using LDAP authentication for your Sugar instance. 

The lockout period depends on what the administrator has specified on the Password Management page. The system restores the ability to log in after the specified time interval has elapsed.

In the event that a Sugar administrator cannot log in, you can reset the administrator password from the database in order to regain access to any administrative functions in the application. If an administrator can log in, please refer to the Change a User's Password article instead.

With LDAP configured with Sugar, you may have settings established that allow any user who enters their LDAP credentials to log into Sugar. This creates a new user account for each individual that logs in and can inadvertently exceed your license count or grant unintended access to sensitive data. This article covers how to ensure that only users who are explicitly created in Sugar can log in with their LDAP credentials.

Since your Sugar® instance contains proprietary information, it is important that only authenticated users access the system. In order to protect your instance from unauthorized access, Sugar offers multiple layers of security for user authentication. This article describes the various user-related security features.

Reach out to us for help