User Settings
Login/Signup Methods
Disabling Signups
From the Settings tab of an app's default Users table, front-end user registration can be enabled or disabled. This feature is enabled by default, which allows the Signup component to add new users to the app. When it is disabled, Signup components cannot be used and instead display the configured message notifying the page viewer that the component is not available.
Domain Restrictions
You may restrict Logins & Signups to specific domains. For example, if your application is only meant for internal employees, you may add a domain restriction for mycompany.com.
Anyone who attempts to Login or Signup with an email address that does not end with mycompany.com will be denied access.
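An added example, not Tadabase's code, of how such a restriction can be enforced when you validate emails yourself: the domain after the @ is compared exactly, because a plain string suffix test also accepts lookalike domains. `ALLOWED_DOMAINS` and the function names are hypothetical.

```python
# Added example: exact-domain allowlist check for login/signup emails.
# ALLOWED_DOMAINS and all function names are hypothetical.
ALLOWED_DOMAINS = {"mycompany.com"}


def email_domain(email):
    """Return the lower-cased domain of an email, or None if it is malformed."""
    email = email.strip()
    if email.count("@") != 1 or any(c.isspace() for c in email):
        return None
    local, _, domain = email.partition("@")
    if not local or not domain:
        return None
    # Drop a trailing dot (fully qualified form) and normalise case.
    return domain.rstrip(".").lower()


def is_allowed(email, allowed=ALLOWED_DOMAINS, include_subdomains=False):
    """True only if the email's domain is on the allowlist."""
    domain = email_domain(email)
    if domain is None:
        return False
    if domain in allowed:
        return True
    if include_subdomains:
        # The leading dot keeps "evilmycompany.com" from matching.
        return any(domain.endswith("." + d) for d in allowed)
    return False


def naive_suffix_check(email, suffix="mycompany.com"):
    """Weak form shown for comparison: a bare string suffix test."""
    return email.lower().endswith(suffix)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ["alice@mycompany.com", "bob@evilmycompany.com",
                 "bob@mycompany.com.example.net", "carol@mail.mycompany.com"]:
        print(addr, is_allowed(addr), naive_suffix_check(addr))
```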
Single Sign On Providers
Single Sign On (SSO) is a mechanism that enables your app users to sign up or log in to your app using their existing accounts with providers such as Google, Twitter, and Facebook.
Getting started with SSO
To get started with Single Sign On, you must first enable the setting by going to Settings > User Settings > General > Login/Signup Methods and enabling the SSO method that you would like your users to use.
Once enabled, you will need to add the ID and Secret supplied by the provider. In the instructions below, we will demonstrate how to obtain these values from Google, Facebook and Twitter.
To get the Client ID and Client Secret from Google, start by going to the API Credentials Portal in the Google Console: https://console.developers.google.com/apis/credentials
Create OAuth Consent Screen
Create a new OAuth consent screen in your Google Console. This will be where you enter your details about your app, the app logo, and other relevant details. If this will be used only within your organization, select Internal, otherwise External.
Generate Credentials
After creating the OAuth consent screen, head over to the Credentials menu, click + CREATE CREDENTIALS, and choose OAuth client ID.
On the next screen, choose:
- Application Type = Web application
- Name = a name of your choice
- Authorized redirect URIs = Get this value from Tadabase (see below)
To get the Callback URL, also known as the Authorized Redirect URL, open your app settings for the specific provider you are enabling and copy the value from there.
Save Credentials to App
Google will then provide you with the Client ID and Client Secret which must be pasted into the SSO settings inside of Tadabase.
Adding SSO to the Signup Component
In order for your users to log in to your app using SSO, they must sign up using the Signup Component.
To add the SSO provider as an option in the Signup form, open a Signup Component and select the option for the relevant SSO provider under the Buttons/HTML menu on the left-hand side of the component configuration window.
When email signups are disabled in the User Settings and an SSO method is enabled, you must add the SSO links in the Single Sign On (SSO) screen instead:
In this circumstance, the default signup form is replaced with the Single Sign On (SSO) form. You can add your SSO buttons to the Single Sign On (SSO) form instead.
Adding SSO to the Login Component
To add the SSO provider as an option in the login form, open a Login Component and select the option for the relevant SSO provider under the Buttons/HTML menu on the left-hand side of the component configuration window.
This will add the Login With Google option inside your login component.
SSO on Copied Apps
If a copy of an app with SSO set up has been created and the users of the copied app must be able to use their Google account to log in, you may enable this by adding the callback URL of the copied app to the Authorized URIs of the existing OAuth Client ID for the original app.
Login Logs
In the default Users table of an app, user Login Logs can be configured and viewed within either the Login Logs or Settings tab. From the Settings tab, Login Logs can be configured to save a number of values for user events including login and logout. From the Login Logs tab, a table of logged records can be viewed based on the configurations that have been set.
Through an app’s Users table Settings tab, Login Logs can be enabled via the Log All User Logins option. Once enabled, the logs are set to contain the fields User Email, Type, Created Date, and User Name. The Type field represents whether the event is a login or logout and the Created Date is recorded as the time the event occurred. The Email and User Name are pulled from the logged-in user’s record in the Users table.
Upon enabling Login Logs, options to Log Host Information, Log IP Address, and Log User Location become available. These options each add fields to the Login Logs table.
- Log Host Information adds five fields to your user login logs related to how the user is accessing your app. These fields are Browser, Platform, Screen Width, Screen Height, and URL.
- Log IP Address adds one field to your user login logs representing the IP address from which the user is accessing your app.
- Log User Location adds full address information to your logs. The fields included are Address, Address2, City, State, Country, Zip/Postal Code, Latitude, and Longitude. If the chosen setting is Enabled, the location will be captured based on whether the user's browser is allowing your app to access the location. If the chosen setting is Required, the user must have their browser set to allow location access for your app to log in. If the location is Required and the user chooses to block your app, the user will not be able to log in and the configurable message will show in a popup.
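One way to put these fields to use for monitoring, as an added example that is not part of Tadabase: the script flags a user whose consecutive logins come from different countries within a short window. The CSV layout, the date format, the `login`/`logout` values and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names follow the fields listed above;
# the CSV layout, date format and Type values are assumptions.
SAMPLE_LOG = """User Email,Type,Created Date,IP Address,Country
ana@mycompany.com,login,2024-03-01 08:02:11,198.51.100.7,US
ana@mycompany.com,logout,2024-03-01 08:40:00,198.51.100.7,US
ana@mycompany.com,login,2024-03-01 08:55:43,203.0.113.90,BR
ben@mycompany.com,login,2024-03-01 09:10:05,192.0.2.14,US
ben@mycompany.com,login,2024-03-02 09:12:30,192.0.2.14,US
cy@mycompany.com,login,2024-03-01 10:00:00,192.0.2.50,DE
cy@mycompany.com,login,2024-03-01 18:30:00,192.0.2.77,FR
"""


def parse_logins(text):
    """Yield (email, timestamp, ip, country) for login events only."""
    for row in csv.DictReader(io.StringIO(text)):
        if row["Type"].strip().lower() != "login":
            continue
        ts = datetime.strptime(row["Created Date"], "%Y-%m-%d %H:%M:%S")
        yield row["User Email"].strip().lower(), ts, row["IP Address"], row["Country"]


def country_switches(text, window=timedelta(hours=2)):
    """Flag consecutive logins by one user from different countries within window."""
    by_user = defaultdict(list)
    for email, ts, ip, country in parse_logins(text):
        by_user[email].append((ts, ip, country))
    alerts = []
    for email, events in sorted(by_user.items()):
        events.sort()  # chronological order per user
        for (t1, ip1, c1), (t2, ip2, c2) in zip(events, events[1:]):
            if c1 != c2 and t2 - t1 <= window:
                alerts.append((email, c1, c2, ip1, ip2, t2 - t1))
    return alerts


if __name__ == "__main__":
    for email, c1, c2, ip1, ip2, gap in country_switches(SAMPLE_LOG):
        print(f"{email}: {c1} ({ip1}) -> {c2} ({ip2}) within {gap}")
```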
Password Complexity
Password complexity can be set in an app’s Security Settings found within the Settings tab of the builder. Various options can be configured for users to follow in terms of password complexity for passwords set upon user signup or password reset.
- The minimum character requirement can be set to a custom length.
- A built-in check can be set to verify that no common words are used in passwords. Common words that are verified include character sequences that are not recommended for passwords such as 123, password, hello, etc.
- A requirement of at least 1 number is met when a numeric character is included.
- A requirement of at least 1 special character checks for a non-alphanumeric character.
- A requirement of at least 1 lowercase character can be met with the inclusion of an a-z character.
- A requirement of at least 1 uppercase character can be met with the inclusion of an A-Z character.
If any of the configured requirements are not met, the configurable message appears in addition to a list of the requirements that must be met before the password is successfully saved for the given user.
Two Factor Authentication
Enabling Two Factor Authentication (2FA) will force Users to provide a secondary authentication in order to log in to your application.
Authentication codes are provided to the User via email and must be inputted correctly before access is approved.
Session Tracking
Each time a user logs into your app, a session is created on the server. A session can be deleted at any point, which logs the user out. You can see and track all your currently active users and log them out if necessary.
Keep in mind, this will only show users that still have a live session. To track past logins you must use the User Login Logs.