Toggle menu

iCMSiteUser

The iCMSiteUser type handles the logins of users who have registered directly with your site (ie user who use your site registration form, not a third party provider).

Provider Linking

The iCMSiteUser provider always has allowLinkingFromThisProvider set as false. This means that when logging in with this provider, users will never be presented with linking options.

Provider linking lets users link the provider they are logging in with to an account that already exists. For an iCMSiteUser login to work, it must already exist in iCM. Because linking on login is only concerned with adding new providers to existing accounts, and does not linking user accounts together, linking from this provider doesn't make sense - an account with this iCMSiteUser provider must already exist and be the current user's account.

The default configuration does allow linking to this provider on login. If a user has already registered directly with your site and has an account with an iCMSiteUser provider, when they log in with a third party provider with a matching email address, they will be presented with options to link accounts. See the Linking Providers, Account and Profile Management article for a full description.

Note that our standard registration form checks for existing email addresses, so users registering directly with your site won't be able to create a user if they have previously created an account that already has their email address.

User Lockouts

This provider can optionally lockout a user upon n number of failed login attempts. This behaviour is enabled by setting lockoutThreshold to a numeric value greater than 0. The default is 5. The lockoutDuration property sets how long the user will be locked out for in milliseconds.

Note that lockouts only apply to this provider, not to the user account. A user with two providers, iCMSiteUser and Google for example, could lock their iCMSiteUser login, but still log in with their Google details.

Two-Factor Authentication

Two-factor authentication adds an additional layer of security to your site logins. If enabled in the worker configuration (the loginWith2FA parameter below), a code is sent to the email address found in the user profile associated with the username attempting to log in. The user will then have three attempts to enter the code correctly. If the code is entered incorrectly three times, the user is returned to the login screen. When the code is entered correctly, the user is logged in as normal.

The image below shows the default template displayed when entering the two-factor code:

Two-Factor Challenge

Parameters

As well as the parameters described in Base Provider Parameters, the following may be set in the params object.

NameTypeDescription
lockoutThresholdInteger, optionalDefault: 5

If the user fails to login via the ICMSiteUser provider this many times in a row the login will be locked out for the duration specified by lockoutDuration

0 = Lockout disabled
lockoutDurationInteger, optionalDefault: 900000 (fifteen minutes)

How long in milliseconds an iCMSiteUser login will be locked out for after surpassing the lockoutThreshold

0 = Forever
loginWith2FABoolean, optionalDefault: false

If true, two-factor authentication will be enabled. A code is emailed to the user, and they have three attempts to enter it correctly

Example

{
    "providerName": "icmsiteuser", 
    "type": "icmsiteuser",
    "providerDisplayName": "Website Site User",
    "params": {
        "loginWith2FA": false,
        "allowLinkingFromThisProvider": false,
        "allowLinkingToThisProvider": true,
    }
}

Last modified on May 17, 2024

Share this page

Facebook icon Twitter icon email icon

Print

print icon