Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section


Column
width20%

Excerpt Include
Product Webinars
Product Webinars
nopaneltrue



Column
width80%

Introduction

Document Purpose

This document provides an overview of the LiveVox password management functionality. It also includes general guidelines for the client level SFTP credentials.  

Tip

Table of Contents
excludeIntroduction

Password Management features

General Guidelines

LiveVox portal and agent portal access:

  • Username and password are case sensitive. With the password management feature enabled, the following restrictions are implemented.
    • Password strength is selectable at three levels:
      • Medium:  User and agent passwords must be a minimum of eight characters in length containing at least one digit, one letter, and must not match the previous four passwords for that user or agent credential.
      • Strong: User and agent passwords must be a minimum of eight characters in length containing at least one digit, one letter, one special character, and must not match the previous four passwords for that user or agent credential.
      • Very Strong: User and agent passwords must be a minimum of twelve characters in length containing at least one digit, one letter, one special character, and must not match the previous four passwords for that user or agent credential.

        Note

        Special characters supported are the ASCII printable characters and they are:  (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~


    • Permitted voice portal users can set the account password temporarily and force the users or agents to change the password on the first login or when the password is updated. If permitted voice portal users change the password for their own user account, they are not prompted to change the password. This feature is configurable at the client level and applied to both users and agents.

    • User and agent passwords expire after a specified period. The timeframe is configurable at the client level, is set to 90 days by default, and applied to both users and agents. Password management will lock out users and agents after a number of failed login attempts. The allowed number of failed logins is configurable at the client level for users and agents. By default, both users and agents are allowed 5 failed logins. Passwords are encrypted for all users, meaning that passwords are not stored in clear text anywhere in the system including the database. This is configurable at the client level.

      • LiveVox uses AES-256 encryption.

  • SFTP site access:
    • Users can upload campaign files or retrieve generated reports from their LiveVox SFTP site. LiveVox uses the SFTP protocol by default.  If you require FTP instead, please contact Client Services -  client-services@livevox.com.
      • If utilizing the voice portal's integrated FTP Browser, a user's voice portal credentials are used (password requirements described above).
      • If utilizing a 3rd party SFTP browser application, specific SFTP credentials provided by LiveVox are used. These credentials adhere to the following standards:
        • SFTP usernames and passwords are case sensitive.
        • SFTP passwords must be a minimum of eight characters in length and contain at least 1 digit.
        • SFTP passwords do not expire.
        • SFTP encrypts commands and data both, preventing passwords and sensitive  information from being  transmitted  in  the  clear  over  a network.

Security Settings

Users in Sysadmin role can manage LVP and Agent password security settings in the Security tab of the Client editor.  Sysadmins have the option to configure the following for LVP users and agents:

  • Password  Expire  Days -Set  number  of  days  for  the  password  expiration.  Applies  to  both users and agents.

    Note

    When implementing a password expire period for the first timeor reducing the number of days in the current period, it is recommended that all agents be logged out to prevent any call interruption due to password expiration. In addition, if your portal uses any LiveVox Custom Applications (Scripter, for example) or you are unsure if you have integrated these types of apps, please reach out to your Account Management team before adding, removing or making any changes to the Password Expire Period as this may interrupt any active LiveVox Custom Applications.


  • Max Failed Login Attempts -Set number of password attempts after which the user or agent will  be  locked  out. The value of Max  Failed  Login  Attempts LVP and Max  Failed  Login Attempts Agent must be between 1 and 9. Zero, null, and characters are invalid.
  • Browser Session Security -If selected, user will have to log back in any time the browser is closed.
  • Password Strength-Slide the arrow on the bar to select one of the following levels:

    • Medium -Password must be a minimum of eight characters in length containing at least one digit, one letter, and must not match the previous four passwords.

    • Strong -Password  must  be  a minimum  of  eight  characters  in  length  containing  at least  one  digit,  one  letter,  one  special  character,  and  must  not  match  the  previous four passwords.

    • Very Strong -Password must be a minimum of 12 characters in length containing at least  one  digit,  oneletter,  one  special  character,  and  must  not  match  the  previous four passwords.

  • Admin Set Passwords Are Temporary-If selected, then the system forcesthe users or agents to change the password on the first login or when the password is updated.Once they login with the temporary password, they will be asked to change the password.
    Client editor - Security Tab 

Setting up Agents and Users

  • Adding a new agent:
    • If  the  password  is  not  8  characters  or  greater,  does  not  contain  a  mixture  of characters  and  numbers,  or  matches  one  of  the  previous  four  passwords,  the  user configuring a new agent will get the following error, after clicking Save.
      Failure to save agent
    • If the password has no digits but characters only, the user configuring new agent will get the following error:
      Failure to save agent
    • If the password has no characters but digits only, the user configuring new agent will get the following error: 
      Failure to save agent

Similarly, adding a new user.

  • If the password is not 8 characters or greater, or does not meet the password requirements; the user configuring new user will get the following error, after clicking Save.
    Failure to save new User

Logging In

Login

  • Agent Login (via agent link provided by LiveVox). Enter Login ID and Password. Click Next button to log in.
    Agent Login
  • User login (via user link provided by LiveVox). Enter the Client Code, User Name, and Password. Click Login buttonto log in.
    User  Login
  • For more information onfailed login, see Failed Logins section.
  • If  the  account  passwordis  set  temporarily,  then the  system forcesthe  users  or  agents  to change the password on the first login or when the password is updated.Once they login with the temporary password, they will be asked to change the password.For changing the password, see Resetting Expired Passwordsection. If the Dual Factor Authentication (DFA) is enabled, see Changing passwordssection for more information.

Resetting Expired Password

When the password expires, agents and users will get an error on their screen as they try to log in. New password cannot be the same as the last four passwords.

  • Agents
    Agent sign in for expired password
  • Users 
    User password expired

Failed Logins

  • Agents :
    • The Agent login screen displays error message when an invalid password is entered by an agent.
      Agent login failed
    • If an agent attempts to log in with the wrong password more times than the site’s configured  limit,  the  agent  will  be  locked  out and  presented  with  the  following screen:
      Agent account locked
  • Users
    • The login screen displays the following message when an invalid password is entered by the user.
      Unsuccessful User login
    • If a user attempts to log in with the wrong password more times than the site’s configured limit, the user will be locked out and presented with the following screen:
      User account locked
  • To unlock the user or agent, permitted user can double click on the lock icon and confirm the action from User or Agents editor.
    Example of unlocking the locked agent

Dual Factor Authentication

Dual Factor Authentication (DFA) is a type of Multi Factor Authentication, where essentially second level of authentication by user is required for a successful login, and this second password is an OTP (One Time Password).
An Admin can enrol a user for dual factor authentication. To enrol the user for DFA, navigate to Configure> System>Double click the user > General Tab:
DFA Enrollment for User

Once the enrollment option is enabled by Admin, the user’s enrollment will be in pending activation status which is displayed in the OTP column of User editor.
User Account Pending Activation

The user is required to complete this activation process upon login. 
User login for Dual Factor Authentication

Users  must  authenticatetheir  loginwith  an  OTPgenerated via Desktop  Application  (WinAuth), mobile application (Google Authenticator, OKTA etc.)or hardware token.

  • User login (User’s enrolled for DFAonly).
    • The following screen displays when the user enrolled for DFA submits the login credentials: 
      QR Code for OTP Activation
  • Desktop Users
    • Users are required to add the QR code in WinAuth to generate the OTP. Enter the OTP obtained via WinAuth application to continue the login process. For details on the usage of WinAuth see Setting up WinAuth Application for Dual Factor Authentication section.OTP verification via WinAuth
  • Mobile Users
    • Users are required to scan the QR codeto continue the login process. The user receives OTP via a mobile application (Google Authenticator, OKTA etc.) and is presented with the following screen: 
      One Time Password verification
    • Once the OTP is entered by the user the login process continues.
  • If  there  are  failures,  they are counted  against  the  maximum OTP  failure  count  and eventually the account gets locked and the user needs to contact the Admin to unlock the account.

Agent One Time Password verificationOTP verification via WinAuthQR Code for OTP ActivationUser login for Dual Factor AuthenticationUser Account Pending ActivationDFA Enrollment for UserExample ofunlocking the locked agentUnsuccessful User login failed sign in for User password expired password User  Login Failure to save new User agentDesktop editor - General Tab

Agent Failure to save new userDesktop editor - General Tab

Agent Desktop editor - General Tab

OTP Enrolment Status

The User editor's User Grid displays a column to indicate the OTP (One Time Password) Enrolment Status. Hover the mouse over the icon displayed in the OTP column to get the description of the OTP Enrolment Status.
User editor -enrolment status

Changing passwords

The users enrolled for Dual Factor Authentication require a valid OTP token to change the password. The login process continues upon successful validation. The OTP token validation failure is counted against the maximum OTP failure count.

Resetting locked accounts

The User editor displays a lock icon for a user locked due to exceeding the maximum attempts of password or OTP. To unlock the user, permitted user can double click on the lock icon and confirm the action.

Note
  • Please contact LiveVox Client Services to enable Dual Factor Authentication option and specify Max Failed Login OTP Attempts.
  • Dual Factor Authentication is not available for agent login.
  • Second-factor authorization is not supported via email, SMS and voice message.

Setting up WinAuth Application for Dual Factor Authentication


WinAuth application can be used by Desktop users to generate OTP for  second level verification. Follow the below procedure for initial set up of the WinAuth Authenticator.  Download the WinAuth app by clicking https://winauth.github.io/winauth/. Once downloaded, double click the WinAuth application to set up a new Authenticator:
WinAuth Application
Click the Add button to set up an Authenticatorand you will be presented with the Add Authenticator window.
Adding a new Authenticator
The Add Authenticator window allows you to configure the following:
Enter the name of the Authenticator in the Name field.
Copy the QR code displayed on OTP Activation screen into WinAuth.
Set the authenticator type astime-based.
Clickthe Verify Authenticatorbutton in order to preview the first generated code.
Do not click Ok button in the Add Authenticator window at this point.
Configuring Authenticator details

Close the OTP Activation window and you will be prompted with Enter OTP window as shown in Figure 17, where you can enter the code presented on the WinAuth.

Once done, click Ok button on the Add Authenticator screen of WinAuth and you will be presented with the following screen to lock the WinAuth app, if you wish to lockthe app.
Protection config

Set the required Password and click Ok button on the Protection config and use WinAuth to verify OTP as normal.

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab

Agent Desktop editor - General Tab