In this article, you'll learn about the tools and features that ensure your account security.
In this section:
To manage your security settings, go to My Profile, and choose the Security tab.
As an administrator, you can also manage security in the Team Settings tab and enforce security settings for all account users.
The Account Owner can enforce Two-factor Authentication for logging into the Voucherify account. As a result, each logging attempt requires two forms of authentication. Voucherify supports text messages, Google Authenticator, and back-up codes as a second identification mechanism. Go here to learn more.
From this view, you may quickly change your Voucherify password. Click Change password.
Provide the current and new passwords. When ready, confirm with Change password.
You are going to receive an email notification each time a password change is performed.
Account Activity Logs
To gain valuable insights into account activity, you may also monitor the account security logs.
SAML (Security Assertion Markup Language) ensures easy and centralized access management to your business applications and resources. Voucherify enables account administrators to connect a custom SAML application and use it instead of the standard authentication process while logging in. As a result, your users can log into the Voucherify account using a single sign-on authentication process.
The account administrator can enable and enforce SAML Authentication in the Team Settings > Security tab.
To connect the custom SAML application with Voucherify, you will need:
- Identity Provider EntryEndpoint URL (1) – in this field, provide the SAML URL where the identity provider sends the authentication token.
- Identity Provider certificate (2) – electronic document copied from the identity provider settings and used to prove the ownership of a public key.
Optional configuration details:
- Provider Name (3) – the name of your identity provider, e.g., OneLogin, Auth0.
- Issuer (4) – stands for the EntityID (unique identifier) of the service provider.
- Audience (5) – a value within the SAML assertion that specifies who (and who only) the assertion is intended for. The audience represents the service provider, usually by using a URL address that is validated when the request is received.
Encrypt SAML requests
To increase the security of your transactions, you can sign or encrypt both requests and responses in the SAML protocol:
- Sign SAML-Requests – add the private tenant key to sign SAML requests. You can also provide your own private/public key pair to sign requests from a specific connection.
- Decrypt SAML-Response – by default, the identity provider uses the private/public key pair assigned to your tenant to sign SAML responses or assertions. In the case of very specific scenarios, you might wish to provide your own key pair.
Recommended identity providers:
This tutorial shows the required steps to connect Auth0 Identity Provider.
After logging into your Auth0 account, go through the following steps:
- Go to Applications in the sidebar and click Create Application.
- Enter the name and select the type of application (Regular Web Application).
- Click on the Show Advanced Settings in the Settings tab.
- Go to the SAML section in the Endpoints tab and copy the SAML Protocol URL.
- Log into your Voucherify account and go to the Security tab in your Team Settings. Enable the SAML Authentication and place the copied URL in the Identity Provider EntryPoint URL field.
- Go back, go to the Auth0 and switch to the Certificates tab. Copy the Signing Certificate.
- Go to the Voucherify app and click the Add Certificate button.
- Paste the copied identity provider certificate and confirm with Save.
- Click Save to confirm SAML configuration.
- In response, you should see the Callback URL. Copy the link and go back to Auth0.
- Go to the Settings in Auth0 and scroll down to the Application Login URIs section. Paste the copied callback URL in the Allowed Callback URLs field. Click Save Changes to confirm.
- Scroll up the page and go to the Addons tab.
- Click on the SAML2 Web App and the Enable button. Next, confirm your changes with Save.
You can also enforce SAML authentification within your Voucheify account. As a result, each user has to log in using a connected identity provider.
You can now use the SAML Authentication to log into the Voucherify app using Auth0 as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).
This tutorial shows the required steps to connect OneLogin Identity Provider.
After logging into your OneLogin account, go through the following steps:
- Go to the Applications tab and choose Add app button in the top right corner.
Use the search bar to browse SAML Test Connector (Advanced) and click on its name to add the app.
You can define optional connector's details like name, icon, and description. Click Save and go to the Configuration tab.
Change SAML encryption method to AES-128-CBC and confirm with Save. Go to the SSO tab.
Copy the SLO Endpoint (HTTP) and log into your Voucherify account.
Go to the Security tab in your Team Settings and enable the SAML Authentication. Place the copied URL in the Identity Provider EntryPoint URL field.
Go back to OneLogin and click View Details below the Certificate.
Copy the X.509 Certificate.
Go back to Voucherify and click the Add Certificate button. Paste the copied certificate and confirm with Save.
Confirm SAML configuration with Save. In response, Voucherify shows you a Callback URL. Copy the URL and go back to the Configuration tab in OneLogin.
Paste copied URL to ACS (Consumer) URL field. Confirm with Save.
You can now use the SAML Authentication to log into the Voucherify app using OneLogin as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).