Hi all, Weβre using open authorization for authentication and single-singnon. The login.html redirects to the identity provider, but we have a login3.html which makes it still able to login as MxAdmin. How can restrict access to this login3.html ? For instance : login with MxAdmin only from certain IP addresses But also we want to avoid that a hacker tries to use this login page to enter the application with one of the existing users in the application. Is there a way to make sure that the password that has to be set in Mendix when the account is automatically created through the open authorization login flow canβt be used?
asked
Olivier Vandevoorde
2 answers
1
I’d make sure the password is a randomly generated long string, so that guessing the password is difficult enough.
answered
Erwin 't Hoen
-1
yep, there is: https://docs.mendix.com/developerportal/deploy/access-restrictions#5-1-example-scenario-1-restricting-access-based-on-an-ip-range