Authentication
Nodesify Admin provides a secure authentication system to protect organizational data. This section outlines the available login methods and security features.
Login
Users can access the system using their assigned credentials.
- Username/Email: Your unique identifier within the system.
- Password: Secure authentication credential.
Upon successful login, the system issues a secure token (JWT) valid for the active session.
Multi-Factor Authentication (MFA)
To enhance security, the system supports Multi-Factor Authentication (MFA) using Time-Based One-Time Passwords (TOTP). This adds a second layer of protection by requiring a code from your phone in addition to your password.
Enabling MFA
- Navigate to User Profile > Account Security.
- Locate the Multi-Factor Authentication card.
- Click Setup MFA.
- Scan QR Code: Use an authenticator app (like Google Authenticator, Microsoft Authenticator, or Authy) to scan the displayed QR code.
- Verify Code: Enter the 6-digit code generated by your app to confirm setup.
- Save Recovery Codes: Crucial! A set of one-time-use recovery codes will be displayed. Copy and save these in a secure location (password manager, safe). You will need these if you lose your phone.
Disabling MFA
If you change phones or wish to turn off extra security:
- Go to User Profile > Account Security.
- Click Disable MFA.
- You will be prompted to enter your current password to confirm this action.
Using Recovery Codes
If you lose access to your authenticator app (e.g., lost phone):
- Proceed to the Login screen and enter your username/password.
- When asked for the MFA code, look for a link saying "Use a recovery code".
- Enter one of the 10-character codes you saved during setup.
- Note: Each code can only be used once. After logging in, you should immediately disable and re-enable MFA to generate a new set of codes if you believe your old ones are compromised or running low.
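How a server can check the 6-digit TOTP codes and one-time recovery codes described under Enabling MFA and Using Recovery Codes, shown as an added example that is not Nodesify Admin's own code. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step); the MfaAccount class, its method names, the recovery-code alphabet and the count of 8 codes are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class MfaAccount:
    """Hypothetical server-side MFA record for one user (names are assumptions)."""

    def __init__(self, secret: bytes, recovery_codes: list[str]):
        self.secret = secret
        # Keep only hashes so a database leak does not expose the codes directly.
        self.recovery_hashes = {self._h(c) for c in recovery_codes}
        self.last_step = -1  # last accepted time step, blocks replay of a code

    @staticmethod
    def _h(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def verify_totp(self, code: str, now: int, window: int = 1) -> bool:
        # Tolerate +/- `window` steps of clock drift, never an already-used step.
        for step in range(now // 30 - window, now // 30 + window + 1):
            candidate = totp(self.secret, step * 30).encode()
            if step > self.last_step and hmac.compare_digest(candidate, code.encode()):
                self.last_step = step
                return True
        return False

    def redeem_recovery_code(self, code: str) -> bool:
        h = self._h(code)
        if h in self.recovery_hashes:
            self.recovery_hashes.remove(h)  # each code works exactly once
            return True
        return False


def new_recovery_codes(n: int = 8) -> list[str]:
    # Constructed format: 10 characters from an alphabet without 0/O/1/I.
    alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
    return ["".join(secrets.choice(alphabet) for _ in range(10)) for _ in range(n)]
```

Tracking the last accepted time step means a code observed in transit cannot be replayed inside its validity window, and removing a recovery code's hash on use is what makes it single-use.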
Session Management
The system tracks active user sessions to ensure security.
Managing Your Sessions
You can view all devices currently logged into your account:
- Go to User Profile > Account Security.
- Look for the Active Sessions section.
- Current Session: Your current device is highlighted.
- Revoke: Click Revoke on any unfamiliar device to log it out.
- Logout All: Use this to instantly secure your account by disconnecting all devices except your current one.
Automatic Security
- Auto-Logout: Sessions may expire after a period of inactivity.
- Password Change: Changing your password automatically revokes all other sessions immediately.