|
Logging In/Out |
  
|
Logging In/Out
|
Logging In/Out |
|
Overview
Accessing MCL-Mobility Platform always implies logging in and, when the session is over, logging out.
The login procedure is affected by the user authentication method that is defined in your MCL-Mobility Platform account, specifically within the "Account Details" sub-module.
There are 2 user authentication methods available.
•Internal System Method (user authentication managed internally by MCL-Mobility Platform). See Internal System User Authentication/Login for more details on the login/logout procedure set for the internal system method of user authentication with Basic Authentication or Two-factor Authentication.
•External System Method (user authentication is managed by an external provider based on OpenID Connect protocol). See External System User Authentication/Login.
Internal System User Authentication/Login
Regardless of the platform user's role/access rights, he can log in to MCL-Mobility Platform using the internal account URL (https://< your Account Code>.mcl4e.com/login) - the login procedure will identify/validate the user and his profile, redirect him to the compatible area within the account and adapt the interface to the user's role/access rights.
For instance, if a site supervisor associated to Site A and a deployment manager included in Site B use the internal account URL, each one will, respectively, be redirected to Site A and Site B even though both used the same URL to log in.
If a platform user is associated to more than one site, when he uses the internal account URL to log in, he will be redirected to a site selection page where he will select the site he wants to access.
In the case of an account administrator using the same URL, he will open the account's Admin Dashboard. If he wants to access a site directly, he will have to enter the intended site's internal site URL.
The user can also log in using the account URL (https://< your Account Code>.mcl4e.com), if your MCL-Mobility Platform account has been set up for Internal System User Authentication ("Internal System" method set as default) - the user will be redirected to the internal login page.
If, for whatever reason, you want certain platform users to only access a site directly, they can log in with the URL for the site the platform user is assigned to and wants to access.
See MCL-Mobility Platform URLs.
Platform users that are assigned to more than one site will use the same username/password (Basic Authentication) to access those sites. The same goes for Two-factor Authentication - if it is implemented for a user, the defined settings will be applied to the login of every site the user is associated to.
In addition to a Basic Authentication login (only username and password needed), MCL-Mobility Platform offers the possibility to implement a login with Two-Factor Authentication, meaning, the user must enter his username & password and a code that can, potentially, be sent via SMS or Email or generated via an Authenticator Application. See Two-Factor Authentication Login and/or Basic Authentication Login.
Step-by-step
1. Enter the URL for the MCL-Mobility Platform account (or the URL of the site you want to access) into your browser to open the login page.
2. Enter your username and password in the corresponding fields.
3. Click 
. Depending on your role (account administrator, site manager, site supervisor, MDM manager, device manager, operator manager, deployment manager, configuration manager or custom user) and assigned site, you will be redirected to the intended area within the account (the Admin Dashboard or the Site Dashboard of the site you are assigned to).
If you get an error, see Possible Login Error Messages and proceed as advised.
Two-Factor Authentication Login
Being a web-based platform, security is both a requirement and a necessity. With that in mind, MCL-Mobility Platform allows you to implement a Two-Factor Authentication method for the login of platform users. This method implies the use of a username & password (Basic Authentication) plus a code that can be provided by an Authenticator Application installed in the user's mobile phone or generated by MCL-Mobility Platform and sent to the user via SMS or email.
This type of authentication is defined within each platform user's profile - the options available during the login process ("SMS", "Email", "Authenticator Application") are set in the "Security" tab of each user's "User Details" page. See User Details - Security Tab.
The following step-by-step is for the platform user that wants to log in/access the MCL-Mobility Platform account/site he is assigned to.
Step-by-step
1. Use the URL for the MCL-Mobility Platform account (or the URL of the site you want to access) into your browser to open the login page.
2. Enter your username and password in the corresponding fields.
3. Click to continue. If you get an error, see Possible Login Error Messages and proceed as advised.
At this point, a window opens with the available authentication methods. This has previously been set up in your "User Details" page, specifically, in the "Security" tab by the account administrator (or site manager assigned to your site). See Editing a User - "Security" tab.
This step-by-step will proceed as if all options were enabled, meaning, the "Security" tab included in the details page of the user logging in looks like this:
|
All of the options in the "Two-Factor Authentication" section are checked/enabled. This means this user can choose one of these methods to combine with the basic authentication (username + password) when logging in. |
4. Select the authentication method you want to use to get the required code.
If only one authentication method was enabled for your profile, you will jump directly onto the login window for that method.
At this point, the window displays the user's username next to the account number (because the user has already been identified using the previously entered username & password).
|
Select "Authenticator Application" if you want to use it to generate a code that will be accepted as your second login authentication. You can use any trustworthy Authenticator application (ex: the Google or Microsoft app).
If this option was enabled for your profile but you have not configured the application yet, you will be asked to set it up within a specific time frame - there is an expiration date for this setup. See To Set Up the Authenticator Application.
|
Select "Email" to receive the required code via email - the email will be sent to the address defined in the user's details page. |
|
Select "SMS" to receive the intended code via SMS - it will be sent to the mobile phone number defined in the user's details page. |
5. Click 
to continue. This button only becomes active after you have selected a method.
6. Click the links below to view the version of the login window for each selected method and the instructions on how to proceed:
|
a. Enter the code generated by the Authenticator Application that you have connected to the MCL-Mobility Platform account into the corresponding field.
b. Click This button only activates once you have entered a valid code.
If required, you can return to the previous window and select another method by clicking the "< Change Method" link. Be aware that this option is only available if you have other enabled authentication methods. |
|
a. Enter the code that was sent to the email address defined in your profile into the corresponding field.
b. Click This button only activates once you have entered a valid code.
For security reasons, the target email is only partially displayed - there is enough information to let the user identify it.
Pay attention to the time limit for this authentication which is provided below the input box. The code is only valid for a limited time so, if it expires, click "Send a New Code" to get another email with a new code and enter it.
If required, you can return to the previous window and select another method by clicking the "< Change Method" link. Be aware that this option is only available if you have other enabled authentication methods. |
|
a. Enter the code that was sent via SMS to the mobile phone number defined in your profile into the corresponding field.
b. Click This button only activates once you have entered a valid code.
For security reasons, the target phone number is only partially displayed - there is enough information to let the user identify it.
Pay attention to the time limit for this authentication which is provided below the input box. The code is only valid for a limited time so, if it expires, click "Send a New Code" to get another SMS with a new code and enter it.
If required, you can return to the previous window and select another method by clicking the "< Change Method" link. Be aware that this option is only available if you have other enabled authentication methods. |
To Set Up the Authenticator Application
To use this method of Two-Factor Authentication to log in, the user must install an authentication type application in his mobile phone and connect it to the MCL-Mobility Platform account.
MCL-Mobility Platform accepts whatever trustworthy Authenticator Application the user may want to install (ex: the Google or Microsoft app).
This application setup requires the editing of the user's details page (by the account administrator or the intended site's site manager) and steps taken by the user with his mobile phone.
The user's "User Details" page, specifically the "Security" tab, must have the "Authenticator Application" option checked to enable it for the user. This can only be done by the account administrator or the intended site's site manager. This can be configured when the user's profile is being created or it can be defined later on. See Editing a User - "Security" Tab.
The following step-by-step provides instructions for the user who had this Two-Factor Authentication method made available for him for the first time.
Step-by-step
1. Use one of the following methods to access the Authenticator Application Setup wizard:
•via the Login Page (if the setup was not performed after the Authenticator Application method was enabled in the user's details page).
a. Open the login page, fill in the username and the current password and click .
•via Email (this email is automatically sent when the account administrator (or your site manager) enables the "Authenticator Application" option in your details page for the first time.)
a. Open the email you received from MCL Mobility Platform and click the 
link. This link opens the login page.
Be aware that this link has an expiration date. The end date for the authenticator application setup is referred below the link. Ex.: "Application setup period will end on 01 Nov 2022".
b. Enter your username and password and, then, click .
|
|
|
Once you click , you are redirected to the Authenticator Application Setup wizard:
2. Click 
.
This window also provides the expiration date for the setup operation.
If required, you can click 
to postpone this operation, in which case, the wizard will close.
3. Follow the instructions described in the wizard:
a. Install an Authenticator Application in your mobile phone (or open the one you are already using).
b. Add a new account in that application.
c. Use your mobile phone to scan the QR Code in your PC screen (default option) OR click 
to turn the QR Code into an alphanumeric format and, then, enter that code in the corresponding input field provided in the authenticator application.
d. Enter the security code returned by the Authenticator Application in the corresponding field (wizard's step 4). This enables the button.
e. Click and wait for the setup success message.
4. Click to log in to the MCL-Mobility Platform account and access the intended area.
To Revoke the Current Authenticator Application Setup
If required, it is possible to revoke the connection to the current Authenticator Application (ex: due to the loss or replacement of the user's mobile phone) and set up a new authenticator application connection. This is triggered by the account administrator or the site manager assigned to the site that the platform user is associated to.
This procedure is initiated in the intended platform user's details page and, then, it is completed by that user.
The following step-by-step describes the full procedure with instructions for the account administrator/site manager and the user.
Step-by-step
Account Administrator/Site Manager Steps
1. Access the intended user's "User Details" page (Control Panel > "Set Up" module > "Users" sub-module > "User Management" page > "User Details" page) and open its "Security" tab.
2. Click the "Revoke App Setup Connection" link. This link is active if the page is in view or edit mode.
3. Click 
to proceed.
The information in the user's details page changes to reflect the current situation.
At this point, the platform user will receive an email explaining he must set up an authenticator application again. The email will also refer the expiration date for this setup.
If the account administrator/site manager is made aware that the user did not set up an authenticator app during the defined time period (ex: info on the platform user's details page - "Setup not executed yet. Period has expired"), he can send another email with a new link for the setup.
a. Click the "Reactivate Setup Period" link next to the "Authenticator Application" option.
b. Click The user will receive a new email with a link to perform the setup.
|
Platform User Steps
The platform user will become aware of this situation when he receives an email or when he attempts to log in after the connection has been revoked.
4. Use one of the following methods to access the Authenticator Application Setup wizard:
•via the Login Page (if you attempt to log in after the connection revoking by the account administrator/site manager).
a. Open the login page, fill in your username and password and click .
•via Email
a. Open the email you received from MCL Mobility Platform and click the link.
This link opens the login page.
b. Enter your username and current password and, then, click .
Once you click , you are redirected to the wizard.
The pop-up window provides the end date to complete this operation.
5. Click to proceed and repeat the setup:
a. Install/open the Authenticator Application in your mobile phone.
b. Add a new account in that application.
c. Use your mobile phone to scan the QR Code in your PC screen (default option) OR click to turn the QR Code into an alphanumeric format and, then, enter that code in the corresponding input field provided in the authenticator application.
d. Enter the security code returned by the Authenticator Application in the corresponding field (wizard's step 4). This enables the button.
e. Click and wait for the setup success message.
6. Click to complete the procedure and access the intended MCL-Mobility Platform account area.
You can view key details of your profile without accessing a user details page (ONLY account administrators and site managers can access the "Users" sub-module).
One of the described options below will be available in the page you are in. Use it to open a window with your profile details.
•Go to the "Welcome Box" (located on the upper right corner) and click "My profile".
|
|
|
•In the page's upper-right corner, click 
to open a menu and, then, click 
.
|
|
|
The displayed details CANNOT be edited. ONLY the account administrator and/or your site's site manager can edit your profile.
You can, however, reset your password in the login page. You can click the "login page" link to be redirected to the login page. See User Triggered Password Reset.
Click 
/ 
to close the window.
Logout
Always log out when you want to finish the MCL-Mobility Platform session. Use the logout option that is available to you in the current page:
•Go to the "Welcome Box" (located in the page's header, to the right) and click "Logout".
•In the page's upper-right corner, click to open a menu and, then, click 
.
The logout page opens with the success logout message displayed.
You can use the "Go to Login page" link to go to the default login page defined in the "Account Details" - "User Authentication" tab in the "Default Method" field.
Occurrence: When clicking (after filling in the "Username" and "Password" fields).
Possible Causes/Actions:
a. Cause: The filled in username or password is wrong.
Action: Confirm the username and the password and fill in the options with the correct information.
If required, click the "Reset Password" link to reset your password. See User Triggered Password Reset.
b. Cause: Your current status does not allow you to access the MCL-Mobility Platform account (= status "Disabled").
Action: Your current status must be checked. This can be done in the "User Management" page and/or your details page by the account administrator or your site manager.
If it is confirmed that you have a "Disabled" status, the account administrator or your site manager must change your status in your "User Details" page to "Enabled".
See To Alter User Status in a "User Details" Page.
c. Cause: You do NOT currently have a profile in this MCL-Mobility Platform account (ex: the profile may have been erased).
Action: The account administrator or site manager of the intended site must create a compatible profile for you, you must set up a password and, then, repeat the login.
See Adding a User and Initial Password Setup
Occurrence: When clicking (after filling in the "Username" and "Password" fields in the login page).
Causes: This means either the account administrator or your site manager have deactivated your password and you must define a new one:
a. Enter a new password and repeat it in the corresponding input fields.
Password Requirements
The password MUST include, at least, 1 alphabetic character and 1 numeric character.
The password MUST have a minimum of 8 characters.
Spaces are NOT allowed.
The username CANNOT be used as a password.
The new password MUST be different from the current one (that has been deactivated).
b. Once the button becomes active, click it to set up the new password and proceed with the login.
External System User Authentication/Login
MCL-Mobility Platform allows you to integrate an OpenID Connect-based external user authentication provider of your choice to handle user access to your account. This implies the external provider will manage the user's credentials (username/password) as well as the used login page.
This type of implementation results in a user login flow that starts with:
1. MCL-Mobility Platform redirecting the flow to the external authentication provider (to an external login page) so the provider can validate the entered user credentials,
2. receiving information on that user,
3. redirecting the user to the intended MCL-Mobility Platform page according to the received information.
External System Login
The steps below represent a login into an MCL-Mobility Platform account with a default external system method.
Step-by-step
1. Enter the account URL https://<your Account Code>.mcl4e.com/ OR the external system URL into your browser.
The external system URL is displayed in the "Account Details" page - "User Authentication" tab.
This URL is provided by the account's account administrator(s) (ONLY an account administrator can access the "Account Details" page).
You will be redirected to the login page managed by the external authentication provider.
Below is an example of an external login page:
2. Enter your username and password in the corresponding fields. These credentials are provided by the external user authentication provider.
3. Click 
.
Depending on your role/access rights and assigned site (defined in the "User Profiles" sub-module), you will be redirected to the intended area within the account:
•If you are assigned to more than one site, you will be redirected to a site selection page where you can choose which of your assigned sites you want to access.
•If you are only associated to one site, that site's Site Dashboard will open.
•If you have an account administrator role, you will be redirected to the account's Admin Dashboard.
If, for some reason, the external system login method does not work, it is possible to access an MCL-Mobility Platform account using the internal account URL (https://< your Account Number>.mcl4e.com/login) and the internal credentials to log in, provided that the user logging in still has an internal user with an "enabled" status. See Users/Internal Users.
If you have any issues with your access/rights to the account/site(s) (ex: you are not redirected to the intended page or have credential issues), please contact your account administrator because he is the ONLY user role that can access external system related sub-modules/options.
External System Logout
Always log out when you want to finish the MCL-Mobility Platform session. Use the logout option that is available to you in the current page:
•Go to the "Welcome Box" (located in the page's header, to the right) and click "Logout".
•In the page's upper-right corner, click to open a menu and, then, click .
You will be redirected to the logout page which includes a link to access the account again ("Go to Login Page"), if necessary. Clicking the link leads to the current default login page.
