Introduction

The Security Enhanced Directory Manager features enhanced security and control on user management.
Once you have configured SEDM you will gain access to these features :

- Password policy
- Account Timeout & Lockout
- Account Recovery via email
- End user have option to enable MFA, if SEDM configured to enable such MFA plugin
SEDM acts as middle layer before talking to Directory Manager
- Defaults to referring to Joget users
- Can be configured to also communicate with LDAP / Sync LDAP / other DM (Directory Manager) plugins and many more.

Once SEDM is configured, stronger password encryption for local accounts will take over.

Be careful when disabling SEDM plugin, as this will cause all local passwords to be invalid

Simply go to System Settings -> Directory Manager Settings to enable and configure.

Knowledge Base for DX 8 > Security Enhanced Directory Manager > image2022-7-4_17-37-33.png

Figure 1: Security Enhanced Directory Manager Properties

Name

Description / Sample Value

Show Login Info

Enable this feature will display the info such as : Last Login Date

Failed Login Attempts for Account Lockout

Set on how many attempt for the user to input the correct password before being locked-out due to incorrect password.

Account Lockout Period (Minutes)

Once the user have been locked-out on failed attempt, this field will set a period of time (minute) disabling the user to login.

Allow Session Timeout (Inactivity Timeout)

Enable this feature for automatically logging out inactive user and prompt the user to log in again.

Hard Session Timeout (Hours)

Set a period of time (Hours) for inactivity session for user to be locked out

Multi-Factor Authenticator

Default Multi-Factor Authenticator (MFA) that can be selected is : Time-based One-time Password (TOTP).

You may opt to have more MFA by downloading the OTP (One-Time Password) Email MFA plugin

Once the plugin is enabled, users' password would be stored using a new encryption method. Disabling the plugin would cause all the users not to be able to login anymore as the default encryption method is effectively changed.

If you decide to stop using the plugin, you will need to replace all the affected users' password in dir_user table with a new password based on md5 hash.

Should you forgotten all the details during any Security Enhanced Directory Manager configuration and you have Locked yourself out, please use this workaround :

To disable your Security Enhanced Directory Manager (SEDM) , get into the database

1) Remove the password column value in dir_user

Replace the password column value with new value based on md5 hash.

2) In wf_setup >delete any directory manager records

Remove the 2 rows that starts with "directoryManager".

Then, Joget Workflow will fallback to default directory manager again.

Notification

If you leave the Notification tab below empty, Joget will read the default SMTP configuration values from the General Settings > SMTP Settings page.

Setting up the Notification tab in this Enhanced Security Directory Manager is important and highly recommended. Do not skip the setup and remember to test sending email out to make sure that the email server settings is correct.

Knowledge Base for DX 8 > Security Enhanced Directory Manager > image2022-7-4_17-43-51.png

Figure 2: Notification tab

Name

Description

From

Sender email address.

no-reply@your-company-name.com

SMTP Host

Email Server SMTP Host

smtp.gmail.com

SMTP Port

Email Server SMTP Port

Typically, port 465 for SSL security option and 587 for TLS

Security

None
TLS
SSL

Alternatively, you can click on the "hash" symbol to allow the input of hash variables.

SMTP Username

Email Server Account Username

On Google email account, use your full email address.

SMTP Password

Email Server Account Password

Password submitted will be encrypted for security reason.

CC

Fully qualified address is expected.

Multiple values can be accepted by separating them with semicolons.

CC: lets you send a copy of a message to someone who's interested, but is not the primary recipient.

HTML Content?

Check if "Message" is intended to be a HTML content.

User Creation (Subject)

Email Subject.

User Creation (Message)

Email Message.

Hit on the "Send Test Email" button to quickly validate and test the email settings.

Email notification will be sent out on these important events:

User Creation: email is sent when the admin creates a new user in "Setup User".
Password Reset: email is sent when the admin resets the user's password by checking the "Force Password Change" checkbox in "Setup Users > Edit User > Admin Setting".
Forgot Password: email is sent when the user clicks the forget password link on the login page.
Account Lockout: email is sent when the wrong password exceeds the limit set in "Failed Login Attempts for Account Lockout".

Introduction

Notification

Related Documentation