
Authentication Guide

This guide covers the authentication system in Auto Report, including login processes, user management, and security features.

Overview

Auto Report uses a robust authentication system that supports:

  • Local Authentication: Username/password authentication
  • Single Sign-On (SSO): Integration with enterprise identity providers
  • Multi-Factor Authentication: Additional security layers
  • Session Management: Secure session handling and automatic refresh

Login Process

Standard Login

  1. Navigate to the login page (/login)
  2. Enter your username/email and password
  3. Click "Login" to authenticate
  4. You'll be redirected to the dashboard upon successful authentication

SSO Login

If your organization uses SSO:

  1. Click "Login with SSO" on the login page
  2. You'll be redirected to your organization's identity provider
  3. Complete authentication with your corporate credentials
  4. You'll be redirected back to Auto Report with an active session

First-Time Login

For new users:

  1. Use the temporary credentials provided by your administrator
  2. You'll be prompted to change your password on first login
  3. Set up multi-factor authentication if required
  4. Complete your user profile information

User Profile Management

Accessing Your Profile

  1. Click on your avatar in the top-right corner
  2. Select "Profile" from the dropdown menu
  3. Or navigate directly to /profile/:id

Profile Settings

Basic Information

  • Name: Update your display name
  • Email: Change your email address (may require verification)
  • Phone: Update your phone number for notifications
  • Avatar: Upload a profile picture

Security Settings

  • Password: Change your password
  • Two-Factor Authentication: Enable/disable 2FA
  • Active Sessions: View and manage active sessions
  • Login History: View recent login activity

Preferences

  • Language: Choose between English and Vietnamese
  • Theme: Switch between light and dark themes
  • Timezone: Set your local timezone
  • Notifications: Configure notification preferences

Multi-Factor Authentication (MFA)

Enabling MFA

  1. Go to your profile settings
  2. Navigate to the "Security" section
  3. Click "Enable Two-Factor Authentication"
  4. Choose your preferred MFA method:
    • TOTP Authenticator: Use apps like Google Authenticator or Authy
    • SMS: Receive codes via text message
    • Email: Receive codes via email

A TOTP authenticator is the recommended method: the code is generated on your device and never transmitted to you, whereas SMS and email codes can be intercepted or phished more easily. Use SMS or email only if an authenticator app is not an option.

Using MFA

When MFA is enabled:

  1. Enter your username and password as usual
  2. You'll be prompted for your second factor
  3. Enter the code from your authenticator app or check your SMS/email
  4. Complete login to access the system

Recovery Codes

  • Download and safely store your recovery codes when setting up MFA
  • Use recovery codes if you lose access to your MFA device
  • Each recovery code can only be used once
  • Generate new recovery codes periodically
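The four rules above (download once, use if the device is lost, single use, regenerate periodically) follow from how a recovery-code store is built. The following is an added example, not Auto Report's own code: it assumes ten codes of the form xxxxx-xxxxx, keeps only SHA-256 digests server-side, deletes a digest the moment its code is redeemed, and replaces the whole set on rotation. The alphabet, code length and count are illustrative choices.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example (not Auto Report's own code): ten codes of the
# form xxxxx-xxxxx, stored server-side only as SHA-256 digests, deleted on use.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no 0/o, 1/l/i look-alikes
CODE_COUNT = 10


def generate_recovery_codes(count: int = CODE_COUNT) -> list[str]:
    """Return human-readable single-use codes; show them to the user exactly once."""
    codes = []
    for _ in range(count):
        raw = "".join(secrets.choice(CODE_ALPHABET) for _ in range(10))
        codes.append(f"{raw[:5]}-{raw[5:]}")
    return codes


def hash_code(code: str) -> str:
    """Normalise (drop the dash, case and whitespace) so typed variants hit the same digest."""
    normalised = code.replace("-", "").strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


class RecoveryCodeStore:
    """Holds only digests: a leaked database does not yield usable codes."""

    def __init__(self, codes: list[str]):
        self._digests = {hash_code(c) for c in codes}

    def remaining(self) -> int:
        return len(self._digests)

    def redeem(self, presented: str) -> bool:
        candidate = hash_code(presented)
        # Walk every digest with a constant-time compare instead of a plain
        # lookup, so timing does not reveal how close a guess came.
        match = None
        for digest in self._digests:
            if hmac.compare_digest(digest, candidate):
                match = digest
        if match is None:
            return False
        self._digests.remove(match)  # single use: replaying the same code now fails
        return True

    def rotate(self, count: int = CODE_COUNT) -> list[str]:
        """Issue a fresh set and discard the old one (periodic regeneration)."""
        codes = generate_recovery_codes(count)
        self._digests = {hash_code(c) for c in codes}
        return codes


if __name__ == "__main__":
    issued = generate_recovery_codes()
    store = RecoveryCodeStore(issued)
    print("first use:", store.redeem(issued[0]))   # True
    print("replay:   ", store.redeem(issued[0]))   # False, already consumed
    print("remaining:", store.remaining())
```

Because only digests are stored, a support agent cannot read your codes back to you; losing both the MFA device and the codes means an administrator-driven reset, which is why the guide tells you to store them safely.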

Session Management

Session Security

  • Sessions automatically expire after a period of inactivity
  • Active sessions are validated on each request
  • Tokens are short-lived and refreshed automatically while you remain active
  • All sessions are invalidated when the password is changed

Managing Sessions

From your profile security settings:

  • View Active Sessions: See all devices/locations where you're logged in
  • Revoke Sessions: End sessions on specific devices
  • Session Timeout: Configure automatic logout timing

Logout

  • Click your avatar and select "Logout"
  • Your current session will be terminated and you'll be redirected to the login page
  • Other devices stay logged in; use "Logout from all devices" to end every active session

Role-Based Access

Understanding Roles

Your role determines what you can access and do in the system:

  • Admin: Full system access and configuration
  • Manager: User management and advanced features
  • Editor: Content creation and workflow management
  • Viewer: Read-only access to documents and reports

Permission System

The system uses granular permissions:

  • Resource-based: Permissions for specific features (documents, reports, etc.)
  • Action-based: Permissions for specific actions (read, write, delete, etc.)
  • Context-based: Permissions based on data ownership or department

Checking Your Permissions

  • View your role and permissions in your profile
  • Restricted features will be hidden or disabled
  • Contact your administrator to request additional permissions

Troubleshooting Authentication

Common Issues

Can't log in with correct credentials

  • Verify your username/email is correct
  • Check if your account is active (not locked or disabled)
  • Try resetting your password
  • Clear browser cache and cookies

SSO login not working

  • Verify you're using the correct SSO portal
  • Check if your organization's SSO is configured properly
  • Contact your IT administrator for SSO issues

MFA codes not working

  • Ensure your device's time is synchronized (TOTP codes are derived from the current time, so a clock that is off by more than the server's tolerance produces codes that are rejected)
  • Wait for the next code if using TOTP
  • Use a recovery code if available
  • Contact support for MFA reset
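Why the clock matters, and why "try the next code" can help, is easiest to see in the verification itself. The following is an added example, not Auto Report's own code: it implements RFC 6238 TOTP over HMAC-SHA1 with the usual 30-second step and 6 digits, and accepts one step of skew either side. The skew window, step length and digit count are the common defaults and are assumptions about what any given server does; the secret and timestamps used in the demo are the RFC 6238 test vectors.

```python
import base64
import hashlib
import hmac
import struct
import time

# Assumed parameters (RFC 6238 defaults, the ones authenticator apps use unless told otherwise).
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """The code an authenticator app shows at a given Unix time."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, presented: str, unix_time: int, skew_steps: int = 1) -> bool:
    """Accept the current step plus skew_steps either side.

    With skew_steps=1 a phone whose clock is up to ~30 s off still works; a clock
    that is minutes off never produces an accepted code, which is the failure
    behind "MFA codes not working".
    """
    counter = unix_time // STEP_SECONDS
    for delta in range(-skew_steps, skew_steps + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), presented):
            return True
    return False


def secret_from_base32(b32: str) -> bytes:
    """Authenticator apps show the shared secret as Base32; tolerate spaces, case and missing padding."""
    cleaned = b32.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"), constructed input.
    secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    now = int(time.time())
    print("current code:", totp(secret, now))
    print("phone 20 s slow:", verify_totp(secret, totp(secret, now - 20), now))    # True
    print("phone 5 min slow:", verify_totp(secret, totp(secret, now - 300), now))  # False
```

The skew window is a server-side policy: widening it makes more stale codes valid, so operators keep it to one or two steps and users fix the clock instead.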

Session expires too quickly

  • Check your session timeout settings
  • Verify you're not using multiple tabs with conflicting sessions
  • Contact administrator to adjust session policies

Password Reset

If you've forgotten your password:

  1. Click "Forgot Password" on the login page
  2. Enter your email address
  3. Check your email for reset instructions
  4. Follow the link to create a new password
  5. Log in with your new password

Account Lockout

If your account gets locked:

  • Account lockouts occur after multiple failed login attempts
  • Wait for the lockout period to expire (usually 15-30 minutes)
  • Or contact your administrator for immediate unlock
  • Review security logs to identify the cause

Security Best Practices

Password Guidelines

  • Use strong, unique passwords
  • Include uppercase, lowercase, numbers, and symbols
  • Avoid common words or personal information
  • Use a password manager for complex passwords

Account Security

  • Enable multi-factor authentication
  • Regularly review active sessions
  • Log out from shared or public computers
  • Report suspicious account activity immediately

Data Protection

  • Never share your login credentials
  • Be cautious of phishing attempts
  • Keep your contact information updated
  • Regularly review your access permissions

API Authentication

For developers integrating with the Auto Report API:

API Token Authentication

  1. Generate API tokens from your profile settings
  2. Include tokens in API request headers: Authorization: Bearer <token>
  3. Tokens inherit your user permissions, so a leaked token can do everything your account can
  4. Rotate tokens periodically and revoke any token you no longer use

OAuth2 Flow

For third-party applications:

  1. Register your application with the system administrator
  2. Use OAuth2 authorization code flow
  3. Redirect users to the authorization endpoint
  4. Exchange authorization codes for access tokens
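The four steps above, plus the Bearer header from the API token section, fit into one client-side flow. The following is an added example and not Auto Report's own code or API: it builds the authorization request, checks the returned state on the callback, and assembles the token-exchange body and the Authorization header. It adds PKCE (RFC 7636, S256) to the authorization code flow, which the page does not mention but which is the standard hardening for public clients; the endpoint URLs, redirect URI, client ID and scope names are placeholders, and the demo callback is constructed input.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints; substitute the ones your administrator registers for you.
AUTHORIZE_URL = "https://autoreport.example.com/oauth/authorize"
TOKEN_URL = "https://autoreport.example.com/oauth/token"
REDIRECT_URI = "https://client.example.com/callback"


def b64url(data: bytes) -> str:
    """Base64url without padding, as OAuth2/PKCE parameters require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier: Optional[str] = None) -> tuple:
    """Return (code_verifier, code_challenge) with S256: challenge = BASE64URL(SHA256(verifier))."""
    verifier = verifier or b64url(secrets.token_bytes(32))  # 43 chars, inside RFC 7636's 43..128
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_request(client_id: str, scope: str) -> tuple:
    """Step 3: the URL to redirect the user to, plus the per-login values to keep server-side."""
    state = b64url(secrets.token_bytes(16))
    verifier, challenge = make_pkce_pair()
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,                      # ties the callback to this browser session
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", {"state": state, "code_verifier": verifier}


def parse_callback(callback_url: str, pending: dict) -> str:
    """Validate the redirect back from the identity provider and extract the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError(f"authorization denied: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state, pending["state"]):
        raise ValueError("state mismatch: possible CSRF or a stale login attempt")
    return query["code"][0]


def build_token_request(code: str, client_id: str, pending: dict) -> dict:
    """Step 4: form body posted to TOKEN_URL; the verifier proves we started this flow."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "code_verifier": pending["code_verifier"],
    }


def bearer_header(access_token: str) -> dict:
    """Header for every subsequent API call, for OAuth2 access tokens and personal API tokens alike."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    url, pending = build_authorization_request("my-client", "reports:read")
    print("redirect user to:", url)
    # Constructed callback as the identity provider would send it back.
    code = parse_callback(f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={pending['state']}", pending)
    print("token request body:", build_token_request(code, "my-client", pending))
    print("api header:", bearer_header("<access token from the token response>"))
```

The POST to the token endpoint and the API calls themselves are ordinary HTTPS requests and are left out so the block runs offline; treat the returned access token exactly like a personal API token, since it carries the same permissions as the user who approved it.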

For additional help with authentication issues, contact your system administrator.

Released under the MIT License.