Documentation

Administration

Use login and strong authentication methods

Logging into Manja can be done via various functions and with additional security levels. This includes login with additional authentication (2FA, WebAuth) or automatic login via the internal LDAP system or Azure.

In this chapter of our documentation, we describe which options and security features the login in Manja offers and which other authentication options are available.

Tip: On our page Features & Add-ons we have compiled an informative overview of all our features. In addition, we offer information about the authentication options on the Interaction and Integration page and facts about 2FA, WebAuth and password strength on the Security page.

Login into Manja

Back to top
To log in to Manja, a username or email address is required. And the stored password. LDAP credentials can also be used for login, as well as other OAuth2 providers.
Login into Manja

In addition to the fields for logging in with a username / email address and password, the login screen offers the following functions:

•  Stay logged in

•  Forgot Password

•  Log in via OAuth2 provider (e.g. Nextcloud, Google, Gitlab, Azure AD)

•  Automatic login via LDAP/Active Directory authentication

Two-factor authentication (2FA)

Back to top

Users have the option of setting up two-factor authentication (2FA). The setting for this is set up in “My account” by the user him/herself. This requires an OAUTH authentication app (e.g. Google Authenticator).

My Account > Set up Two-factor authentication (2FA)

WebAuth (Fido2) authentication

Back to top
WebAuth (Fido2) Authentifizierung
WebAuth (Fido2) Authentifizierung

FIDO2 is an open authentication standard based on public-key cryptography that provides enhanced security and user experience.

Thanks to the integration of FIDO2, our user:s can now perform secure and fast authentication without relying on complex passwords or other time-consuming authentication methods. Instead, they can simply log in with their FIDO2-enabled hardware authentication (e.g. YubiKey), which provides a higher level of protection and convenience.

Setup instructions
  1. Navigate to “My Account” > “WebAuth Fido2 Authentication.”
  2. Click on the “Set up a new device for WebAuth” button.
  3. Follow the on-screen instructions to connect your WebAuthn-enabled hardware, such as a security key, or enable the built-in biometrics on your device. The exact steps depend on the device you are using.
  4. After you connect your hardware or enable biometrics, you will be prompted to enter your credentials.
  5. If your credentials are successfully verified, a new WebAuthn credential will be created and stored in your device.
  6. Enter a name for your new credential so you can easily identify it.
  7. Save your credential by clicking the “Save” button. The credential will now be saved to your user account in the database.
  8. Test your new WebAuthn authentication by logging out of your user account and logging in again. Select WebAuthn as the authentication method and use your saved credential to log in.

Azure Active Directory (AAD) via OAuth2

Back to top

Users can use a more secure and seamless login through their Azure Active Directory account to access our DAM solution. This not only reduces the need to manage separate credentials, but also provides a higher level of security and control over access to our platform.

The AAD integration also allows us to better manage access to our DAM solution by giving us the ability to import user groups and roles directly from the AAD directory. This makes it easier to assign permissions and manage user access to our platform.

The integration is done in close consultation with our customers.

Multilevel authentication for administrators

Back to top

For the areas “Administration”, “Maintenance” and “My Account” there is a multi-level authentication when entering the areas:

  • Mode A: further entry of the password.
  • Mode B: Confirmation by clicking without a password.
  • Mode C: the user does not have to take any action, but the call to the area is logged.
  • Mode D: multi-level authentication is deactivated.

The default is Mode C. If you need to change the mode, please contact us.

„Login as“ function for administrators

Back to top

"Login as" function for administrators

For administrators, the function “Login as …” is available in the individual users section under Administration > User Accounts & Groups. This can be called up via the detailed view of the user (top right side).

If this function is used, the view appears with a red frame. Furthermore, it is shown at the top right that you are currently in this mode. There you can also switch back to your own user.

"Logged in as" view for administrators