Authorization and verification settings

In this review, we will talk about the security settings in the super administrator's administrative panel, which CleverLMS technical support configures for each client company individually, at its request.
The first and most important is the authorization setting: you can limit the number of attempts to enter an incorrect password and set the time for which the account is automatically locked after the user or the administrator has exhausted all authorization attempts.
CleverLMS platform authorization settings
If necessary, a user or administrator who has exhausted the authorization attempts can be unlocked manually. This is a frequent requirement of security services, intended to rule out password guessing against another person's account.
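The lockout behaviour described above (an attempt limit, a timed automatic lock and a manual unlock, set separately for users and administrators) can be sketched as follows. This is an added example, not CleverLMS code; the class and method names, the limits and the injectable clock are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    max_attempts: int   # failed attempts allowed before the account locks
    lock_seconds: int   # how long the automatic lock lasts

@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0   # 0.0 means "not locked"

class LoginThrottle:
    """Per-account failed-login tracking (hypothetical names, not the platform's API)."""

    def __init__(self, policies, clock=time.monotonic):
        self.policies = policies   # role name -> LockoutPolicy
        self.clock = clock         # injectable so the lock expiry can be tested
        self.state = {}            # account -> _State

    def attempt(self, account, role, password_ok):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        st = self.state.setdefault(account, _State())
        now = self.clock()
        if now < st.locked_until:
            return "locked"        # refused even if the password is correct
        if st.locked_until:        # the automatic lock has expired: start over
            st.failures, st.locked_until = 0, 0.0
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        policy = self.policies[role]
        if st.failures >= policy.max_attempts:
            st.locked_until = now + policy.lock_seconds
            return "locked"
        return "failed"

    def unlock(self, account):
        """Manual unlock: clears both the lock and the failure counter."""
        self.state.pop(account, None)
```

While an account is locked, the attempt is refused before the password result is considered, so a guessing run gains nothing from continuing during the lock window.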

There is also an employee verification setting, which determines the attribute by which we verify an employee at login (one of the options must be filled in):
  • by phone and email
  • only by email
  • only by phone
CleverLMS platform verification settings
When two-factor authorization is enabled for administrators, the system will require, in addition to the login and password, a verification code sent to an e-mail address or phone number at each login.
CleverLMS two-factor authentication settings
By default, two-factor administrator authorization is disabled; the verification code is sent only once, when the password is reset.

In the user settings, you can activate the “Use access code” field; all users will then have to enter this code to log in to the application.
Obtaining an authorization code for the CleverLMS platform
It is possible to configure the requirements for the composition of the user's password (that is, to set the conditions for password verification).
Setting the requirements for the composition of the user's password in the CleverLMS platform
A regular expression is a set of conditions that lets you restrict password length and format (which letters and symbols may be used, whether digits are required). Our technical support adjusts the password format requirements to the client's requirements.

You can also forbid the password from matching certain values in the system. For the user, these are: login, first name, last name, phone and e-mail. Alternatively, you can allow a partial match, for example a match of two consecutive characters from the phone number. Administrators have the same settings, except for the first and last name.
CleverLMS platform security settings
The administrator can also test a password against the configured conditions.
Password testing settings in the CleverLMS training system
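The two password checks described above, a format regular expression and a ban on matching profile values with an optional partial-match allowance, can be combined as in the following added example, which is not CleverLMS code. The regular expression, the limits, the sample profile and the way a partial match is measured (longest run of consecutive shared characters) are assumptions.

```python
import re

# Assumed format rule: 10+ characters with a lowercase letter, an uppercase letter and a digit.
PASSWORD_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{10,}$")

# Per-field limit (constructed values): None forbids the whole value inside the
# password; an integer N allows at most N consecutive shared characters.
USER_LIMITS = {"login": None, "first_name": None, "last_name": None,
               "email": None, "phone": 2}
# Administrators: the same checks without first and last name.
ADMIN_LIMITS = {k: v for k, v in USER_LIMITS.items()
                if k not in ("first_name", "last_name")}

# Constructed sample profile.
PROFILE = {"login": "jdoe", "first_name": "John", "last_name": "Doe",
           "email": "j.doe@example.com", "phone": "+1 555 010 4477"}

def longest_shared_run(a, b):
    """Length of the longest common substring of a and b, ignoring case."""
    a, b = a.lower(), b.lower()
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, 1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def check_password(password, profile, limits):
    """Return the names of violated rules; an empty list means accepted."""
    problems = []
    if not PASSWORD_RE.match(password):
        problems.append("format")
    for field, limit in limits.items():
        value = profile.get(field) or ""
        if field == "phone":
            value = re.sub(r"\D", "", value)   # compare digits only
        if not value:
            continue
        allowed = len(value) - 1 if limit is None else limit
        if longest_shared_run(password, value) > allowed:
            problems.append(field)
    return problems
```

With the sample profile, `JohnDoe-2024-xyz` is rejected for a user but passes the administrator rule set, which skips the name fields, and any password carrying three or more consecutive digits of the phone number is rejected for both.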
Administrators on the client side are logged in only by us; they do not see other administrators, and their password is not explicitly displayed: we store only the password hash.

The password is also not displayed in the user part.

Password recovery uses data entered in advance and confirmed by the administrator (required field), which excludes unauthorized access to the system. To restore the password, an SMS message is sent to the registered number, or a link valid for a certain period of time is sent by e-mail. There is also an additional setting under which a valid password is required to reset the password, which is necessary for companies with shared corporate tablets, laptops or PCs (for example, at a retail outlet or in a warehouse).

The system checks the user's activity once an hour and, if the user is inactive, “throws” him out. It is possible to get back in (and also to change the password) only by specifying the current password. Even if “Remember me” is checked, another user will be able to log in to the account, but will not be able to steal it (change its phone number or e-mail).

We can configure authorization for both the user and the administrator not only by login and password, but also by delegating it to a third-party client system.
Authorization delegation settings in the CleverLMS training system
There are currently several compatible servers, some custom and some standard, for example Active Directory FS, an add-on to the standard Active Directory. If the client uses it, we request the parameters for connecting to the service, and when the user launches our application, he will see the “Log in via Active Directory” button (the button can have any name).

After clicking this button, the user is redirected to the client's authorization system, where the user is checked, and that system returns information about the employee's authorization to us for subsequent access to the platform.

For convenience, you can enable several authorization methods, for example, different for external and internal employees. External users enter by login and password, while internal users can use, for example, Active Directory.
Author settings in the CleverLMS learning system
At the request of the client, additional OAuth 2 compatible servers can be connected, which is very convenient for large companies that host the platform within their own perimeter, since they most often already have such a system.

Login to the administrative panel is configured separately.

You can also display the license agreement in the settings, which users will need to accept when logging in to the application for the first time, and differentiate the roles of administrators by modules, including access to groups, so that the statistics module is visible for a certain group of users.
Adding a license agreement in the CleverLMS platform
CleverLMS platform administrator settings
This was a brief overview of the security settings of the CleverLMS platform for users and administrators. You can also read an overview of the IT and information security of our platform.