Access Control

Overview


Figure 1. Example Access Control Page

The Access Control page (Fig. 1) allows you to view and manage access control settings for the selected user. This includes the user’s access to the Mako Central Management System (CMS), the type of access the user has to Mako CMS features and the companies to which the user has access. This is also where you can manage aspects of your own user account, such as changing your account credentials and resetting your authentication method.

The Mako CMS offers a variety of user account security options that impact access control.

Single Sign-On

Single Sign-On (SSO) allows certain users to access the Mako CMS using an existing third-party account created for another system via an SSO identity provider (IdP). Your company determines which providers, such as Microsoft or Okta, are available to you, if any.

For Mako CMS accounts without SSO, your account credentials are managed via the Mako CMS. For Mako CMS accounts with SSO, your account credentials are managed via the SSO identity provider.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of security to your account by requesting a new access code each time you log in. MFA is recommended for any user, but it is required for those maintaining PCI DSS compliance.

Companies that require PCI DSS compliance must enforce MFA for all users. For Mako CMS accounts without SSO, MFA is managed via the Mako CMS. For Mako CMS accounts with SSO, MFA is managed via the SSO identity provider.

Access Control

Access Control Form

The section at the top of the page is the Access Control form. Your relationship to the user and the companies associated with the user control the options available here.

Company Filter

Single Company Access


Figure 2. Example User With Single Company Access

For users with access to a single company, the Company filter is read-only (Fig. 2).

If additional companies are available to the selected user, you can add access to these companies using the Companies section at the bottom of the page.

Multiple Company Access


Figure 3. Example User With Multiple Company Access

For users with access to multiple companies, the Company filter is a dropdown (Fig. 3). Use this filter to choose the company for which you want to change the user’s access control settings.

Form Fields

Restricted User Account


Figure 4. Example Read-Only Access Form

For user accounts whose access control settings you do not have permission to modify, including your own user account, the settings are displayed as read-only values (Fig. 4).

Managed User Account


Figure 5. Example Editable Access Form

For user accounts whose access control settings you do have permission to modify, the settings are displayed as editable fields (Fig. 5).

Type of User

Choose the type of access the user will have to the selected company and its Mako devices.

Control Over

Choose whether or not the user also has access to the selected company’s customers (child companies) and their Mako devices.

See the New User documentation for more details regarding the Type of User and Control Over fields.

Save Access Control Button

If you make any changes here, click the “Save Access Control” button to save your changes.

Access Actions

Access Actions Form

The section in the middle of the page is the Access Actions form. A variety of conditions control the options available here, including the user’s MFA and SSO settings.

Change Password


Figure 6. Example Access Actions Form for Your User Account

When viewing your own user account, the “Change Password” button will display (Fig. 6).

To change your password, click the “Change Password” button. You will be redirected to the User Authentication page. Follow the instructions there.

This is only for Mako CMS accounts without SSO.

Multi-Factor Authentication Setup

When viewing your own user account, the “Multi-Factor Authentication Setup” button will display.

To set up MFA, click the “Multi-Factor Authentication Setup” button. You will be redirected to the Multi-Factor Authentication page. Follow the instructions there.

This is only for Mako CMS accounts without SSO.

Suspend User


Figure 7. Example Access Actions Form for a Managed User Account

When viewing a user account that you manage, the “Suspend” button will display (Fig. 7).

To suspend this user account, click the “Suspend” button. You will be redirected to the Suspend User page. Follow the instructions there.

User accounts that remain suspended for six months are automatically deleted.

Unsuspend User


Figure 8. Example Access Actions Form “Unsuspend” Button

If this user account has been suspended, either manually or by an automated process, the “Suspend” button is replaced by the “Unsuspend” button (Fig. 8).

To unsuspend this user account, click the “Unsuspend” button.

Delete User

When viewing a user account that you manage, the “Delete” button will display.

To delete this user account, click the “Delete User” button. You will be redirected to the Delete User page. Follow the instructions there.

Deleted user accounts cannot be restored.

Change Username

To change the username for this user account, enter a new username, then click the “Change Username” button.

Reset Authentication

If multiple authentication methods are available to this user account, the “Reset Authentication” button will display.

To reset the authentication method for this user account, enter “Reset Authentication” (case-insensitive), then click the “Reset Authentication” button.

This will force the user to choose a new authentication method the next time they log in.

See the Reset Password documentation for details regarding this process.

Deactivate Multi-Factor Authentication

If MFA is configured for this user account, the “Deactivate MFA” button will display.

To deactivate MFA for this user account, enter “Deactivate MFA” (case-insensitive), then click the “Deactivate MFA” button.

This is only for Mako CMS accounts without SSO.

You can repeat the MFA setup process to continue using MFA.

Companies that require PCI DSS compliance must enforce MFA for all users. In this case, repeating the MFA setup process will be mandatory for Mako CMS accounts without SSO.

Account Multi-Factor Authentication Disabled Email


Figure 9. Example Account Multi-Factor Authentication Disabled Email

After MFA is deactivated, the user will receive an Account Multi-Factor Authentication Disabled email (Fig. 9) as an added security measure.

If you receive an unexpected Account Multi-Factor Authentication Disabled email, contact Mako Support immediately.

Validate Multi-Factor Authentication Access Code

If MFA is configured for this user account, the “Verify Access Code” button will display.

This is a tool for checking that the user’s authenticator app is generating valid access codes for this user account. Enter the current access code provided by the user’s authenticator app, then click the “Verify Access Code” button. This will display a message stating whether or not the access code is valid.

This is only for Mako CMS accounts without SSO.

Companies

Companies List


Figure 10. Example Companies List

Use the Companies list (Fig. 10) at the bottom of the page to manage which companies the selected user can access. Users can have access to more than one company and different access control settings can be specified for each of these companies.

Remove Company / Revoke Access

Click a company’s minus icon button to remove it from this list, which will revoke the selected user’s access to the company.

Add Company / Grant Access

Click the “Add Company” button to open the Company Search form, where you can grant access to any additional companies available to the selected user.

Company Search Form


Figure 11. Example Company Search Form And Company Search Results List

Use the Company Search form (Fig. 11) to search for companies available to the selected user.

Company Name

Enter a search string.

Search Button

Click the “Search” button to view the Company Search Results list.

Company Search Results List

Use the Company Search Results list (Fig. 11) to grant the selected user access to any additional companies available.

Add Company / Grant Access

Click a company’s gear icon button to add it to the Companies list, which will grant the selected user access to the company.
