This section describes how to configure your Cleo Portal system.
You can:
- Provide admin users single-login access to both Cleo Portal and the Cleo Harmony or Cleo VLTrader applications.
- Customize the look and feel of Cleo Portal.
Enabling mixed mode authentication for Cleo Portal
You can allow Cleo Portal users to log in using SAML or local credentials.
Mixed mode authentication is enabled when both SAML and local logins are enabled. When mixed mode authentication is enabled, the Cleo Portal log in page displays a check box labeled Use Company Login, which allows the user to choose the SAML login.
When the user chooses to use SAML login, the Username and Password fields disappear and when the user clicks Log in, the SAML log in page is displayed.
When the user chooses not to use the company login, Username and Password fields are displayed, allowing the user to enter local login credentials.
Cleo Portal users will be able to log in using either their company login (SAML) or their local credentials.
Note: You can bypass the Cleo Portal login page and go directly to your SAML login by adding a query string parameter to the /Portal endpoint. The URL should be specified as /Portal?sso=true
.
Two-factor authentication
Two-factor authentication (TFA) is available for users. The two-factor authentication security option is available for users in the Privileges tab.
First Time Registration:
The first time a user successfully logs in with TFA required, a notification appears with a username and password stating that an email has been sent to the registered email address with a link to complete the registration.
- When the email arrives, click the link to navigate to the registration page. On this page, a wizard appears to help set up a client authenticator application. Choose a client authenticator application based on your system's needs. Recommended authenticator applications are Windows Authenticator, Google Authenticator for Android, and Google Authenticator for iOS, but any authenticator application that supports TOTP protocol will work.
A QR code and text representation of the shared key are presented. These contain the same information. Either can be used to synchronize the client authentication application with Cleo Harmony and Cleo VLTrader.
- Enter the information into the authenticator application and click Next.
- The verification step allows the user to test that the authenticator application has been set up properly. To test the application, enter the username, password, and code from the client authenticator application. Click Test. Upon successful verification, a success message appears, and the Finish button is enabled.
The user can now log into the system using two-factor authentication. Navigate to the login page and follow the Daily Use instructions below.
Daily Use:
Enter the username and password and click Log In. A dialog box appears with a field labeled TOTP Code (time-based one-time password).
Enter the code received from the client authenticator application and click Submit Code.
If the code is valid, login is successful.
Resetting TOTP Key:
To the right of the input field in the TOTP Code dialog is a Reset Key link. Clicking this link will deactivate the user's current two-factor authentication setup, send a new registration email to the user's email address, and instruct the user to reregister at login. Follow the first time registration process outlined above to set up the authenticator again.
Setting up single-login access to Admin UI and Cleo Portal
You can configure your system to allow users to log in one time to access both the Web Admin UI and the Cleo Portal UI.
Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.
Before you begin, you must have a secure port configured for your Local Listener (see Configuring a Local Listener for HTTP), a resource path for Cleo Portal set (see Local Listener Web Browser Service), and admin users available and enabled on your system (see Cleo VLNavigator User Tab.)
Once your system is properly configured, admin users can log in to Cleo Portal via HTTPs, enabling the drop-down menu used to toggle between User mode (Cleo Portal) and Admin mode (Cleo Harmony or Cleo VLTrader).
For information about using SAML with Cleo Portal users, see Configuring SAML.
Customizing Cleo Portal
Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.
You can customize the look of your Cleo Portal by modifying its CSS and replacing certain background and logo graphics files displayed on the login page.
Customizing your Cleo Portal banner and login page graphics
Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.
You can modify the custom.css file to customize the look of your Cleo Portal banner and login page.
Note: If you re-run the installer, the custom.css file is reinstalled with the product and you must make your customizations again.
Cleo Portal CSS customization parameter reference
Use these selectors to control the style of the Cleo Portal.
Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.
Note: Unless otherwise stated, changes to the height, width, or text size of any element or attribute are not supported.
Top Banner | |
---|---|
#top-banner | Controls the style of the top navigation banner. You can also reference #top-banner as .navbar-default . |
#top-banner .banner-text a | Controls the default style of the navigation labels in the top navigation banner. |
#top-banner .banner-text a:hover | Controls the hover style of the navigation labels in the top navigation banner. |
#top-banner .banner-text a.active | Controls the style of the active navigation label in the top navigation banner. |
#top-banner .banner-text a .icon | Controls the style of top navigation banner icons. |
#top-banner .banner-text a.active .icon | Controls the style of the active navigation icon in the top navigation banner. |
#top-banner .icon-avatar | Controls the style of the user avatar icon. |
#top-banner .icon-avatar:hover | Controls the style of the user avatar icon on hover. |
#top-banner .icon-avatar.open | Controls the style of the user avatar icon when user menu is open. |
Log in Page | |
#LogIn | Use the element to update the background color and/or image. |
#LogIn .login-image | Use this element to update the corporate logo. |
#btn-default[:hover, :active] | Use this element to update the sign in button. |
Main masthead | |
app.portal .navbar-brand | Use this element to update the corporate logo on the main masthead. You will need to explicitly set the width. Maximum dimensions for a new logo is 200px X 65px. |
.navbar-default | Use this element to update the background and border colors. |
Buttons | |
btn-primary[:active, :hover] | Use this element to update the background and border color of all buttons within Cleo Portal. |
Background images | |
New images do not need to be placed within the Cleo Portal directory, but they must be available by way of a publicly accessible URL. For example, on your web server or on a CDN. |
Setting Cleo Portal system properties
You can set the following properties in your conf/extended.properties
file to further customize your Cleo Portal experience.
Property | Description |
---|---|
external.ip.address | Set this property to customize URLs in Cleo Portal email links. For example, setting the property to external.ip.address=my-company.com would change outgoing URLs in Cleo Portal emails to https://my-company.com/Portal/... . Note that some protocols (excluding AS2) can use the external.ip.address property for various operations. The port properties will only ever be used by HTTP and HTTPs based protocols. |
external.ip.address.http.port | Set this property to customize URLs in Cleo Portal email links if a different port than specified in the local listener is necessary. Port properties will only be used if the external.ip.address property is set. If both http and https ports are specified here, thehttps port will take precedence. |
external.ip.address.https.port | Set this property to customize URLs in Cleo Portal email links if a different port than specified in the local listener is necessary. Port properties will only be used if the external.ip.address property is set. If both http and https ports are specified here, thehttps port will take precedence. |
Comments
0 comments
Please sign in to leave a comment.