Strengthening access to the Work Portal is an important security measure for your environments. When authenticating users, you may encounter situations where users cannot access the portal: for example, credentials that are not set correctly, a locked account, or advanced technical issues when you are using external identity providers, like Azure AD. This article describes the features that Bizagi offers when you need to troubleshoot user authentication.
When users log in, they can encounter two kinds of issues:
• Related to the account
• Related to the Identity Provider
Regardless of the authentication type that you have chosen, Bizagi offers a property that displays authentication error messages. You can access that property from Bizagi Studio or the Management Console, which means that you can change it at any time in each environment.
By default, this property is turned off, so Bizagi shows the following message when a user cannot access the Work Portal:
"Can't authenticate the user"
Bizagi shows the same message regardless of the cause of the problem:
• Account is locked
• Other issues with the identity provider
The reason for this general message is to hide the underlying problem from hackers and avoid giving them clues for accessing the system.
When you turn this property on, Bizagi displays the reason why a user cannot be authenticated, for example, that the account is locked:
You can also activate authentication traces in Bizagi Studio or the Management Console. To do that, select the Configuration tab, and then Tracing. Then activate the Authentication node:
You can find these traces in the following folder:
You can then use them to troubleshoot problems with user authentication, for example, if the account is locked:
Depending on the authentication issue, you can use other Bizagi features to solve it. If the issue is related to the account, you have the following options:
Authentication log and Locked Accounts are only available when you use Bizagi authentication. With other authentication types, logs are held by the external identity provider.