This topic is meant for the main application manager or a similarly privileged XperienCentral user.
In This Topic
Logging in to XperienCentral
Once you have successfully installed XperienCentral, you can start it and log in. To log in to XperienCentral, navigate to the following URL:
<xperiencentral-server>/web/edit
where <xperiencentral-server>
is the name of the server on which XperienCentral is running. You will then see the XperienCentral login screen:
The very first time that a new XperienCentral installation is logged in to, most likely by the main application manager or a developer, use the following username/password combination:
Username: Administrator
Password: Administrator
After successfully logging in, you will be prompted to change the password for the Administrator user. After doing so as described below, you can proceed with configuring XperienCentral and creating new users and assigning roles. Direct all your users to the following URL to log in to XperienCentral:
<xperiencentral-server>/web/edit
where <xperiencentral-server>
is the name of the server on which XperienCentral is running. The first time all new users log in to XperienCentral they must change their password:
- Enter your current password in the "Current password" field.
- Enter your new password in the "New Password" field. For security reasons, users must create a strong password. A strong password has all of the following characteristics:
- Is at least 12 characters long.
- Contains a mix of uppercase and lowercase letters.
- No string of letters spells out a word that appears in the dictionary of the language of the user.
- Contains one or more numbers, but the numbers do not represent anything associated with the user such as their birth date, age, house address, and so forth.
- Contains one or more special characters. A special character is anything that is not a letter or a number or a space.
- Does not contain any string of letters that spell their first or last name, their company name, their job description, nickname, or any other word that could be associated with them personally.
When you type the new password into the field, the "Password Strength" field indicates the strength of your password using different colors. The following colors are used to indicate the password's strength:- Red — The password is extremely weak (not accepted).
- Yellow — The password is moderately weak (not accepted).
- Blue — The password is good.
Green — The password is strong.
- Confirm your new password in the "Retype new password" field.
- Select the language to use for the XperienCentral GUI from the Language drop-down list.
- Click [Login].
After a user has logged in to XperienCentral for the first time, they will no longer see the GUI language choice on the Login screen. Hereafter, users can select their GUI language on the Personal Settings tab in My Settings.
Logging in to the XperienCentral Setup Tool
To log in to the XperienCentral Setup Tool, navigate to the following URL:
<xperiencentral-server>/web/setup
where <xperiencentral-server>
is the name of the server on which XperienCentral is running. The password is the same as the one used to log in to the Workspace.
Logging in to the XperienCentral Administrative Pages
The XperienCentral Administrative Pages are used to monitor an XperienCentral installation. See Administrative Pages for complete information.
The following applies to XperienCentral versions 10.13.0 and higher.
Navigating Directly to the XperienCentral Login Page
In all cases when not using backend container authentication, when a user navigates to .../web/edit
, they will be redirected to the login screen if they are not already logged in. If they are already logged in, navigating to .../web/edit
will take them directly to the XperienCentral Workspace, bypassing the login screen. If a user wants to navigate directly to the login screen, in order to switch users for example, use the following URL:
<xperiencentral-server>/web/login
where <xperiencentral-server>
is the name of the server on which XperienCentral is running.
Login Lockout Mechanism
If a user attempts to log in 5 consecutive times without success, they will be locked out of XperienCentral for 10 minutes, after which they can attempt to log in again. This holds true even if their password is changed by an administrator. There is no time limit for the 5 consecutive unsuccessful attempts which means that a user will be locked out even if a year passes between the first and fifth unsuccessful attempts.
The following applies to XperienCentral versions 10.13.0 and higher.
Logging in with Backend Container Authentication
If you implement the Backend Container Authentication functionality for your project, your users do not have to log in to XperienCentral with a username and password if they have already logged in to the backend container. In this situation, refer your users to the following URL to directly access XperienCentral:
<xperiencentral-server>/web/edit
where <xperiencentral-server>
is the name of the server on which XperienCentral is running.
Two Factor Authentication
The following applies to XperienCentral versions R24.2 and R26 and higher.
Two factor authentication is a user authorization scheme in which two separate authentication challenges must be satisfied in order to gain access to a resource. XperienCentral contains a two factor authentication setting which requires a user to provide a username/password combination followed by a security token which he or she receives by email. When two factor authentication is enabled, a user must pass both authentication checks in order to gain access to the XperienCentral backend. The two authentication steps must be satisfied every time they log in.
Enabling Two Factor Authentication
Important: Before you enable two factor authentication, it is extremely important that you correctly configure the XperienCentral SMTP host setting in the application_settings section of the General tab in the Setup Tool as well as the email address for all users in the User Authorization panel. Confirm the following:
- The "E-mail" field for all users (including yourself) on the Users tab in User Authorization is correct.
- The SMTP host that XperienCentral uses to send email messages is correct. Check the
smtp_host
property under the "application_settings" section of the General (R30 and older) tab in the Setup Tool. You can ensure that thesmtp_host
setting is correct by sending a test email to yourself. The easiest way to do this is to set "Deletion notification" to "Immediately" in My Settings > Notification Settings. Then, create a new page in the Site Structure Widget and delete it at once. The deletion notification should be sent within a maximum of 15 minutes.
Proceed with the steps below only after you successfully receive an email from XperienCentral using the method described above or by some other means.
Follow these steps to enable two factor authorization:
- Open the Setup Tool.
- Navigate to the General (R30 and older) tab.
- Under "website_settings", locate the property
enable_email_two_factor_authentication
and select it in order to enable it. - Click [Save Changes] at the bottom of the General tab.
Testing Two Factor Authentication
Once you have enabled two factor authentication, test it:
- Log out of XperienCentral if you are logged in.
- Log in to XperienCentral. You will be prompted for your username and password.
- Provide your username and password and click [Login]. The following dialog box should appear:
- Enter the security token which you received from XperienCentral via email.
- Click [Submit]. You should now be logged in to XperienCentral.
Once you have determined that two factor authentication is working properly, notify your XperienCentral users about the steps required to log in. Be sure to inform them that the security token is valid for the duration of an XperienCentral session. If a session times out (after 30 minutes of inactivity by default), a user must start a new session and receive a new security token in order to log in.
Troubleshooting Two Factor Authentication
If something goes wrong with the configuration of the SMTP host and/or your personal email address, you could be locked out of XperienCentral. If you have configured any other users with the role Application Manager, try to log in using one of those accounts. If this is successful, it means that your personal email is not configured correctly. Fix your email address in the Users tab in User Authorization.
If you cannot log in to XperienCentral with any user, you need to disable two factor authentication and start again. To disable two factor authentication from outside the XperienCentral GUI, stop the XperienCentral web server. Restart XperienCentral and pass the following JAVA_OPTS option in the startup command:
-Ddisable_2fa
Start over at the beginning with the two factor authentication configuration.