EBA 01

Email Based Authentication


About Email Based Authentication

In the new 5.26 version, Commander, Stream, Live+, and Path are moving from username to email address as the method of identifying and authenticating users. This change allows significant improvements to the underlying security and scalability of the Cloud Application and also lays the groundwork to robustly support third-party authentication systems such as Microsoft Active Directory, and to support more advanced authentication schemes such as Multi-Factor Authentication.

Over time, customers will be able to use these new accounts across almost all Safe Fleet applications and infrastructure.

IMPORTANT: Existing Users Migrating to EBA

Before an existing user can access the application suite, a one-time migration of user accounts from the old system to the new is required.

Each user will need to provide a verifiable and unique email address. Users will also be asked to re-enter their passwords to be stored in the new system. Safe Fleet stores passwords securely in a way that ensures even Safe Fleet cannot read them. This means that passwords cannot be migrated automatically.

This process can be initiated by either the administrator or the user. In both cases, the system sends an email requesting the user to set a new password.

Once the migration is complete, users of this version will access a new Log in screen where Email and Password are requested.

Other Implications of Having Email Based Authentication

Email Address

In v5.26, only non-migrated users can edit their email address. Migrated users can have the migration reverted if email change is necessary. This functionality will be removed in a future release.

The Users Dialog

Within Fleet Settings, the User dialog displays a new interface (see image on next page). The first thing you may notice is the absence of User ID, but Email becomes a mandatory identification field and displays in the left column.

A new Migrate column indicates the status of the user with regards to the migration process necessary to gain access to the application:

  • Pending (1) shows that the user has not undergone migration yet. A clock icon displays on the left.
  • Migrated (2) indicates that the process has been completed. A check mark icon displays on the left.

In the Actions column, on the far-right of the screen, a new Migration button is disclosed between Edit and Delete. This button will toggle its functionality and icon design depending on the status of the migration:

  • Migrate (3) allows user migration to Email Based Authentication.
  • Revert Migration (4) allows migrated users to revert the process.

NOTE: Editing Mail

Remember that users already migrated to Email Based Authentication can no longer edit their email address unless the migration is reverted.