Authentication via Vertec login

You can find an overview of all authentication options in the article Authentication overview .

In order for an user to log into Vertec via login name and password, the following criteria must be met:

• A login name must be entered for the relevant user. This must be unique. Several people cannot log in with the same login name.
• The user is active. Only active users can log into Vertec. Only as many users can be activated as there are licenses.

The login information is shown on the individual screen of the user :

The password is entered by clicking on the Change password...  button to open the dialog box below:

The Change password... button is only activated if the user has write permission to the password. By default, users have this for themselves, or for everyone if they an
administrator .

The password dialog contains two fields for entering the new password and for confirming it, as well as a field for entering the password of the logged-in user. The new password must comply with the predefined password policy.

In System settings > Authentication, you can set the Vertec password requirements and the Vertec password minimal length.

In particular, if the Vertec instance is available over the internet, we strongly recommend requiring a complex password in combination with 2-factor authentication . This applies to all Cloud Suite customers and all On-Premises customers whose Vertec is available in any form via the internet.

In the password dialog box, the guidelines are shown if the input does not meet the requirements:

Login with empty password

Starting from Vertec 6.7, logging in with an empty password is not only not recommended anymore, it is also impossible for new Vertec installations.

Existing Vertec installations prior to Vertec 6.7 receive a system setting that also allows them to disable the option of logging in with an empty password. You can read more about this in the article System settings - Authentication .

With the option Require new password, the user can be asked to change their password the next time they log in:

The option is only available if neither OpenID Connect is activated, nor another LDAP Server Address is entered, and is only shown to the administrator. When creating a new user, the option is set automatically as of Vertec 6.7.

The next time the relevant user logs into Vertec, the Change password dialog appears and the user has to set a new password that complies with the defined password requirements (see above).

The new password cannot be the same as the current one, otherwise an appropriate message appears:

There is no way for the user to reset a password, not even in the Vertec Web App. If you have forgotten your password, contact the Vertec administrator in your company who can set you a new password.

2-factor authentication (2FA)

Vertec supports a 2FA for logging into Cloud Clients (Vertec Cloud App, Vertec Web App, Vertec Phone App) via an authenticator app, e.g. Google Authenticator. You can find detailed information about this in the article 2-factor authentication .

In particular, if the Vertec instance is available over the internet, we strongly recommend requiring a complex password in combination with 2FA. This applies to all Cloud Suite customers and all On-Premises customers whose Vertec is available over the internet in some form.

There is a Remember me option in the login dialog for logging in via user name and password:

If this option is activated, Vertec does not save the actual user name and password, instead, it saves a token that is valid for the next login. After that, the token is replaced by a new one. Compared to the longevity of the login credentials user name / password, the short-term token offers increased security against loss.

The Remember me option is also available for the Vertec Phone App and the Vertec Outlook App and works with Authentication via LDAP Server .

By default, the token generated in the background is valid for seven days. Each time the server logs in, the server checks whether it is correct. If yes, the user is logged in directly and the client receives a new token from the server for the next login, which is again valid for seven days. In the case of the Vertec Cloud App and Vertec Desktop App, the token is saved in the Windows credentials (name Vertec) . In the case of the Vertec Web App the token is stored as a cookie in the browser (name vertec_auth_token).

A login dialog only reappears if the user has not logged into Vertec for longer than these seven days, or if the user has explicitly logged out of Vertec using the menu button Settings > Log out .

Validity of tokens (On-Premises)

The configuration file Vertec.ini defines how many days the tokens are valid:

[CloudServer]
Token Lifetime = 7

In the case of full-featured apps , a session remains open as long as the app is open. Only when the app is restarted does the user log in again.

In the case of the Vertec Phone App and the Vertec Outlook App, if the app is not used, the session is terminated after a certain period of time (75 minutes or depending on the defined session timeout ) on the server side. However, with the Remember me option, a new session is started immediately, unnoticed by the user.

If you want to turn off the auto-login mechanism, set the token lifetime to 0. The checkbox no longer appears on the login dialog. However, we do not recommend you turn off this option for two reasons:  First, if you deactivate this, users of the Vertec Phone App and Vertec Outlook App will have to log in again after each session timeout. Second, the tokens offer increased security against loss, compared to the long-term login data  user name / password.

Another way to get a login dialog to reappear is to go to the user, click on the Actions menu and choose Reset "Remember me":

Administrators can also perform this action for other users.