The Repository is a central location for managing and maintaining authorization and authentication. The Ternair Repository can be found on the Portal on the right side under the Admin heading.
Users
At ‘Users’ you can specify users who are allowed to access one or more applications within the Ternair Marketing Cloud.
The mobile phone number is optional and is used to send a PIN code when logging in with 2FA. It must be a valid (Dutch) phone number and begin with 06 or +316. If the mobile number is not filled in or does not start with 06 or +316, the PIN code is sent to the e-mail address when logging in to the portal.
When a user is added, the Repository automatically places the CLIENTNAME before the login name. For example: login name j.boss becomes CLIENTNAME\j.boss. When you log in to the customer portal, you can log in with either username, ‘CLIENTNAME\j.boss’ or ‘j.boss’.
When using APIs, it is recommended that you create Service Accounts and do not associate users with APIs. When adding a Service Account to the list of users, you can check the ‘Password never expires’ checkbox. Never use this option for personal accounts.
When you right-click on a user in the user overview you can send the user an invitation email to create a password. For more details see chapter ‘Settings – create and change password’.
Application
This overview shows all applications within the Ternair Marketing Cloud environment. Application names have the form CLIENTNAME_application name. In the overview you can see how many users have access to an application, when it was last logged in to, and whether IP check is enabled when logging in. When IP check is enabled on an application, logging in is only possible from an IP address that is on the ‘IP whitelist’.
IP-whitelist
Some applications are only available to users/servers whose IP address is known. In the ‘IP whitelist’ menu, it is possible to specify trusted IP addresses. ‘IP’ and ‘Remarks’ are mandatory fields. When you apply the IP whitelist to an application, all access is blocked except for the IP addresses you have added.
Authorizations
To give a user access to an application, they must be linked together. There are 2 possibilities for this.
Possibility 1
From the application overview, you can assign authorizations on a specific application. For example, right-click on the application CLIENTNAME_PORTAL and choose ‘Authorized’. You will immediately see which users can log on to the portal and their last login date. Using the ‘+’ button you can add users.
Possibility 2
From the user view, you can assign applications to specific users. Right-click on a user and choose ‘Applications’. You will immediately see which applications this user is allowed to log in to. Using the ‘+’ button you can add applications. In this screen you can also specify, per application, which user group this person belongs to.
Settings
The Repository contains a number of settings that must be configured once. Initially, these settings are filled with default values that can be adjusted for each client.
Security
A user who does not log in for an extended period of time is automatically blocked.
By default, this setting is set to 180 days.
Blocking users occurs if a user:
– Has not logged in for the defined period of time
– Has never logged in and the account creation date is older than the defined period
Users who are blocked or whose ‘End date’ is in the past are shown as ‘disabled’ in the ‘Users’ screen.
Password settings
The password must have a length of at least 12 characters. Optionally, the password requirements can be extended with specific characters, namely:
– Uppercase
– Lower case
– Special characters (! " # $ % & ' ( ) * + - . / : ; < = > ? @ \ ] ^ _ } ~ `)
– Digits (0 – 9)
If one or more options are checked, at least 1 specific character must be included in the password. Ternair recommends making all of the above options mandatory.
When these settings are changed, these conditions only apply to passwords created or changed from that point on.
By default, a password expires after 180 days; this period can also be adjusted on a per-client basis.
14 days before your password expires, you will be shown a screen to reset your password after successfully logging in. Enter your old password once and create a new one. You can also postpone the change by choosing the option ‘Other time’.
The new password must not be the same as the old password and must meet the set password requirements.
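The rules in this section can be checked before a password is submitted, for example when generating one for a Service Account. The following is an added example, not Ternair code: it assumes that each checked option requires at least one character of that type, that only the special characters listed above count as special, and that the typographic quotes and dash in that list stand for their ASCII forms. The function and option names are hypothetical.

```python
import string

# Special characters as listed in the password settings above.
SPECIALS = set("!\"#$%&'()*+-./:;<=>?@\\]^_}~`")
MIN_LENGTH = 12  # minimum length stated on the page

# Optional requirements an administrator can check (names are hypothetical).
CATEGORIES = {
    "uppercase": lambda c: c in string.ascii_uppercase,
    "lowercase": lambda c: c in string.ascii_lowercase,
    "special": lambda c: c in SPECIALS,
    "digits": lambda c: c in string.digits,
}


def check_password(new, old=None, required=tuple(CATEGORIES)):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    for name in required:
        # Assumption: a checked option needs at least one matching character.
        if not any(CATEGORIES[name](c) for c in new):
            problems.append("missing " + name)
    if old is not None and new == old:
        problems.append("same as old password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Tr4ding-Posts!x", "short1!A", "Correct,Horse1battery"):
        print(candidate, check_password(candidate))
```

With all four options required, the third sample is rejected because a comma is not in the listed set of special characters.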
Communication URL (password creation and change).
Before you can log in as a new user, you will receive an invitation e-mail to create a password. (See also chapter ‘Users’). If you have forgotten your password, you can also request a new password from the login screen.
The user will receive an email with a link that is valid for 7 days. If a user clicks on the link in the email after these 7 days, it is no longer possible to change the password. When a user chooses ‘forgot password’ on the portal itself, he/she will receive an email with a link that is valid for 15 minutes.
By default, this email is sent from a generic Ternair Marketing Cloud environment. It is possible to run this process through an external webhook or through a webhook in your own Campaign environment. When your own webhook is used, you can format the mail yourself, and statistics on it become available.
This webhook needs at least 2 parameters, namely:
– Email address of the user
– PasswordGuide (this is generated by the Repository and is valid for 7 days)
Two factor authentication (2FA)
Two factor authentication (2FA) is an authentication method that requires you to successfully complete an additional step to gain access to Ternair. This means that in addition to entering a username and password, you need a second factor. This takes the form of a PIN code sent via SMS (if a mobile phone number is known in the Repository). If no mobile phone number is known, the PIN is sent via email.
Step 1: Enter your username. This can be with or without ‘CLIENTNAME\’.
Step 2: Log in with a PIN (the PIN will be sent via text message or email).
Step 3: Enter the password.
Login log
In this overview you can see all user login attempts. By default, you see only the activities of the current day. At the top of the screen you can filter on a specific date or user.
In this overview you can see which user is logging in to which application and whether it is successful. In this login overview the following result codes are shown:
0 = Logged in successfully
1 = Application unknown
2 = Login incorrect or user is disabled
3 = Not authorized on this application
4 = IP address denied
5 = 2FA failed
An administrator can use this screen to find out why a user cannot log in.
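The result codes above can also be reviewed in bulk rather than row by row. The following is an added example, not part of the Ternair product: it summarises login attempts per user and reports the codes that deserve an administrator's attention. The CSV layout, the thresholds and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Result codes exactly as listed in the Login log section.
RESULT = {
    0: "Logged in successfully",
    1: "Application unknown",
    2: "Login incorrect or user is disabled",
    3: "Not authorized on this application",
    4: "IP address denied",
    5: "2FA failed",
}
# Assumed thresholds: rows of one code per user before it is reported.
THRESHOLD = {1: 1, 2: 3, 3: 1, 4: 1, 5: 2}

# Constructed sample rows; the column layout is an assumption.
SAMPLE = r"""date,user,application,result
2024-05-01 08:58,CLIENTNAME\j.boss,CLIENTNAME_PORTAL,2
2024-05-01 08:59,j.boss,CLIENTNAME_PORTAL,2
2024-05-01 09:00,j.boss,CLIENTNAME_PORTAL,2
2024-05-01 09:02,j.boss,CLIENTNAME_PORTAL,0
2024-05-01 09:10,svc-api,CLIENTNAME_CAMPAIGN,4
2024-05-01 09:15,m.jansen,CLIENTNAME_PORTAL,5
2024-05-01 09:20,m.jansen,CLIENTNAME_CAMPAIGN,3
"""


def normalise(user):
    # Users can log in with or without the CLIENTNAME\ prefix; count both together.
    return user.rsplit("\\", 1)[-1]


def triage(text):
    """Return sorted (user, code, count, meaning) for codes at or over threshold."""
    per_user = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        per_user[normalise(row["user"])][int(row["result"])] += 1
    findings = []
    for user in sorted(per_user):
        for code, count in sorted(per_user[user].items()):
            if code != 0 and count >= THRESHOLD.get(code, 1):
                findings.append((user, code, count, RESULT.get(code, "Unknown code")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample rows this reports three incorrect logins for j.boss, a missing authorization for m.jansen and a denied IP address for svc-api; the single 2FA failure stays below its threshold.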
FAQ
Who is the Repository for?
The Repository is for administrators within an organization. Need access to an (additional) application? Can’t log in? Forgot the URL or your username? Then ask one of the administrators within your organization.
What can I do if a user has lost his password?
As an administrator, you can send another ‘invitation email’ to a user to create a new password. You can also direct the user to the ‘Forgot password’ option on the login page.
Why can’t someone log in?
This could be due to several reasons. Please refer to the Login log within your Repository. See also chapter ‘Login log’.
How can I give a user more rights within Campaign?
In the Repository you only control the access to an application and you can indicate to which user group someone belongs. What this user group means is controlled in the applications themselves. For Ternair Campaign you can find this under ‘General Settings – System – Authorization’. You can link the code of these user groups to a person. See also chapter ‘Authorizations’.