Account Security

In this article, you'll learn about the tools and features that ensure your account security.

In this section:

  1. Multi-Factor Authentication (MFA)
  2. Password Change
  3. Account Activity Logs
  4. SAML Authentication

To manage your security settings, go to My Profile, and choose the Security tab. 

My profile tab

As an administrator, you can also manage security in the Team Settings tab and enforce security settings for all account users.


Multi-Factor Authentication

The Account Owner can enforce Two-factor Authentication for logging into the Voucherify account. As a result, each logging attempt requires two forms of authentication. Voucherify supports text messages, Google Authenticator, and back-up codes as a second identification mechanism. Go here to learn more.

Enable 2FA


Password Change

From this view, you may quickly change your Voucherify password. Click Change password.

Change password

Provide the current and new passwords. When ready, confirm with Change password

Password change

You are going to receive an email notification each time a password change is performed.


Account Activity Logs

To gain valuable insights into account activity, you may also monitor the account security logs.

Account security logs


SAML Authentication

SAML Authentication is only available for the Enterprise plans. Contact us to request this feature. 

SAML (Security Assertion Markup Language) ensures easy and centralized access management to your business applications and resources. Voucherify enables account administrators to connect a custom SAML application and use it instead of the standard authentication process while logging in. As a result, your users can log into the Voucherify account using a single sign-on authentication process.

The account administrator can enable and enforce SAML Authentication in the Team Settings > Security tab

SAML

Prerequisites

To connect the custom SAML application with Voucherify, you will need:

  • Identity Provider EntryEndpoint URL (1) – in this field, provide the SAML URL where the identity provider sends the authentication token. 
  • Identity Provider certificate (2) – electronic document copied from the identity provider settings and used to prove the ownership of a public key.

Optional configuration details:

  • Provider Name (3) – the name of your identity provider, e.g., OneLogin, Auth0.
  • Issuer (4) – stands for the EntityID (unique identifier) of the service provider. 
  • Audience (5) – a value within the SAML assertion that specifies who (and who only) the assertion is intended for. The audience represents the service provider, usually by using a URL address that is validated when the request is received.

SAML prerequisities

Encrypt SAML requests

To increase the security of your transactions, you can sign or encrypt both requests and responses in the SAML protocol:

  • Sign SAML-Requests – add the private tenant key to sign SAML requests. You can also provide your own private/public key pair to sign requests from a specific connection.
  • Decrypt SAML-Response – by default, the identity provider uses the private/public key pair assigned to your tenant to sign SAML responses or assertions. In the case of very specific scenarios, you might wish to provide your own key pair.

Encrypt SAML requests

Recommended identity providers:

Auth0 Configuration

This tutorial shows the required steps to connect Auth0 Identity Provider.

After logging into your Auth0 account, go through the following steps:

  1. Go to Applications in the sidebar and click Create Application.
  2. Create Application

  3. Enter the name and select the type of application (Regular Web Application).
  4. Regular web application
  5. Click on the Show Advanced Settings in the Settings tab.
  6. Advanced settings
  7. Go to the SAML section in the Endpoints tab and copy the SAML Protocol URL.
  8. Saml uRL
  9. Log into your Voucherify account and go to the Security tab in your Team Settings. Enable the SAML Authentication and place the copied URL in the Identity Provider EntryPoint URL field. 
  10. SAML authentication

    You can also enforce SAML authentification within your Voucheify account. As a result, each user has to log in using a connected identity provider. 

  11. Go back, go to the Auth0 and switch to the Certificates tab. Copy the Signing Certificate.
  12. Signing ceritifcate
  13. Go to the Voucherify app and click the Add Certificate button.
  14. Add certificate
  15. Paste the copied identity provider certificate and confirm with Save.
  16. Copy certificate
  17. Click Save to confirm SAML configuration.
  18. Confirm SAML
  19. In response, you should see the Callback URL. Copy the link and go back to Auth0.
  20. Callback URL
  21. Go to the Settings in Auth0 and scroll down to the Application Login URIs section. Paste the copied callback URL in the Allowed Callback URLs field. Click Save Changes to confirm.
  22. Allowed Callback URL
  23. Scroll up the page and go to the Addons tab.
  24. Addons
  25. Click on the SAML2 Web App and the Enable button. Next, confirm your changes with Save.

You can now use the SAML Authentication to log into the Voucherify app using Auth0 as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).

Callback URL 2


OneLogin Configuration

This tutorial shows the required steps to connect OneLogin Identity Provider.

After logging into your OneLogin account, go through the following steps:

  1. Go to the Applications tab and choose Add app button in the top right corner.

  2. Use the search bar to browse SAML Test Connector (Advanced) and click on its name to add the app.

  3. You can define optional connector's details like name, icon, and description. Click Save and go to the Configuration tab.

  4. Change SAML encryption method to AES-128-CBC and confirm with Save. Go to the SSO tab.

  5. Copy the SLO Endpoint (HTTP) and log into your Voucherify account. 

  6. Go to the Security tab in your Team Settings and enable the SAML Authentication. Place the copied URL in the Identity Provider EntryPoint URL field. 

  7. Go back to OneLogin and click View Details below the Certificate.

  8. Copy the X.509 Certificate.

  9. Go back to Voucherify and click the Add Certificate button. Paste the copied certificate and confirm with Save.

  10. Confirm SAML configuration with Save. In response, Voucherify shows you a Callback URL. Copy the URL and go back to the Configuration tab in OneLogin. 

  11. Paste copied URL to ACS (Consumer) URL field. Confirm with Save.

You can now use the SAML Authentication to log into the Voucherify app using OneLogin as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).

Still need help? Contact Us Contact Us