Login Configuration
Overview
Self-hosted Appcircle server 3.9.0
or later versions support enabling or disabling "User Registration" and "Forgot Password" from the "Self-Hosted Settings" admin page.
If your organization has configured LDAP or SSO authentication for the Appcircle users, you may want to disable the email signup flow.
Allowing email signup could result in having users registered both through LDAP/SSO and through email.
This can create duplicate users and make user management more difficult. Disabling email signup ensures all users are created through your centralized LDAP or SSO provider, avoiding duplication.
Just keep in mind that disabling email signup means new users will need to be created directly in your LDAP or SSO provider first before they can sign in to Appcircle.
Disabling email signup also prevents unwanted or unknown users from signing up for accounts through the email flow.
With LDAP or SSO, only users explicitly added to those systems can gain access, keeping tighter control over who can login to Appcircle.
Also, keeping the forgotten password flow open allows users to reset their password. But keep in mind that if a user resets his or her password, the user will no longer be an LDAP user.
It will be better to disable forgotten password flow after you enable LDAP or SSO for authentication.
Login Settings
In this area, you can manage the creation of new users using the "Sign up with e-mail" button and the renewal of passwords using the "Forgot Password?" button.
You can reach "Login Settings" by navigating to "Admin > Self-Hosted Settings" page.
User Registration
If this setting is on
, your users can register to Appcircle and perform operations with this user except LDAP or other authentication methods. If you want only your LDAP users to log in to the system, you need to keep this setting off
.
Click on the "Save" button to apply the settings.
If this setting is off
, the "Sign up with e-mail" button will not appear on the Appcircle login page.
Configure Emails That Can Be Used for Registration
With the Appcircle server version 3.13.0
, Appcircle disables users from registering with disposable (temporary) emails and common emails like Gmail, Outlook, etc. by default.
If you want to change this behavior, you can configure it in the global.yaml
file of your project by following the steps below.
Keep in mind that this action will cause a downtime in the Appcircle dashboard.
-
Log in to Appcircle server with SSH or remote connection.
-
Go to the
appcircle-server
directory.
cd appcircle-server
The spacetech
in the example codes below are example project name.
Please find your own project name and replace spacetech
with your project name.
To see projects, you can check the projects
directory.
ls -l ./projects
- Shutdown Appcircle server.
./ac-self-hosted.sh -n "spacetech" down
- Edit the
global.yaml
file of your project.
vi ./projects/spacetech/global.yaml
- Find the
keycloak
key and append theallowDisposableEmails
key into that section.
The allowDisposableEmails key can be true
or false
. false
is the default value, so it disables users from registering with disposable or common emails.
If you want to enable disposable or common emails, change this value to true
.
You can see a sample part of a configured global.yaml
below.
keycloak:
initialUsername: admin@spacetech.com
enabledRegistration: true
allowDisposableEmails: true
- Apply configuration changes.
./ac-self-hosted.sh -n "spacetech" export
- Start Appcircle server.
./ac-self-hosted.sh -n "spacetech" up
You should check the status of the Appcircle server after boot for any possible errors.
./ac-self-hosted.sh -n "spacetech" check
You should see the message: "All services are running successfully."
Now, the users can register with disposable or common emails.
If you want to re-disable that behavior, as in the default configuration, you can change the allowDisposableEmails value to false
by following the same steps above.
Forgot Password
If this setting is on
, your users can renew their passwords themselves. If you want your users' password management operations to be done via LDAP or other authentication methods, you should keep this setting off
.
Click on the "Save" button to apply the settings.
If this setting is off
, the "Forgot Password?" button will not appear on the Appcircle login page.
Edit Username
If this setting is set to on
, then your users will be able to change their own email addresses.
The login username for Appcircle is an email address.
Users can edit email from My Account > My Details screen.
In order to prevent users from changing their email addresses by themselves, you should keep this setting off
.
Click on the "Save" button to apply the settings.