Logging into SupportAbility

This article provides information to assist with logging into your SupportAbility installation securely and successfully, including information about setting up your username and password, logging in when MFA is configured, remote access, and the Automatically Log Users Out After (inactivity) setting.

Audience: All


Summary

The following list summarises the content within this article. Click on the links below to take you to the relevant sections:


Security Levels

Prior to version 8.5, SupportAbility had two levels of security that needed to be passed in order to gain access to SupportAbility:

  • Shared Security
  • Individual User Security

Shared Security Requirement - Now Redundant

The Shared Security level used a shared username and password across the organisation. 

This extra security level requirement was put in place many years ago to stop the server from responding to unnecessary traffic.

As part of the security enhancements introduced as part of our ISO27001 certification, a Web Application Firewall was introduced to reject web page requests that look suspicious.

Rate limiting was also introduced to block suspicious high-volume traffic during a short period of time.

These and other security measures mean that the shared security mechanism is now redundant.

Multi-Factor Authentication

Organisations wishing to add a further level of security when staff log in have the option to utilise Multi-Factor Authentication. MFA is blocked by default and can be configured by your organisation in System Preferences when you are ready to utilise this.

Information about this functionality is outlined in the  Multi-Factor Authentication (MFA) in SupportAbility article, linked below for your reference.

Return to Summary


Setting Up Your Username and Password

Each time you log into SupportAbility, you will need to enter your individual username and password.

Your username will be created for you by the staff member creating your user account, in a format that aligns with your organisation's requirements e.g. initialsurname.

Creating your individual password will initially be assisted by your organisation, who will select one of the following methods:

  • Send Password Link
    You will receive an automated email with your username and a 'Reset Password' link which takes you to a screen where you can set your own password,

    OR
  • Set Password Manually
    A temporary password will be created and communicated to you, which can be used for your initial login.
    If they have selected 'Force password reset on next login', which we recommend, you will be required to change this to something more secure upon your next login.

Return to Summary


Logging into SupportAbility via the Web App

To log in to SupportAbility via the Web App, enter your individual Username and Password,  then select the 'Log In' button:

N.B. When using shared devices:
  • We do not recommend selecting the browser prompt to save or remember your individual password, in order to preserve the security of each Staff account. 
  • We recommend that Staff always log out of SupportAbility when they have finished their session.

Return to Summary


Multi-Factor Authentication (MFA)

If MFA has been configured as 'Optional' for each Staff Member, or 'Enforced' for your organisation, and you have activated MFA for your Staff Account using an Authenticator App, you will be required to pass the MFA step periodically when logging into SupportAbility. 

Following your username and password being entered, the MFA window will display: 

Open your Authenticator App e.g. Last Pass and view the 6-digit MFA code (time-based one-time passcode) for SupportAbility e.g: 219937

Enter this code in the 'Enter 6 digit MFA code' field e.g:

Once 'Submit' is selected, provided the correct code is entered, you will be able to access SupportAbility. 

Please see the  How to log in to SupportAbility once Multi-Factor Authentication (MFA) has been activated in your Staff Account article linked below for more information regarding this, including the email fallback option if you are unable to access your Authenticator App. 

Return to Summary


Logging into SupportAbility via the Mobile App

When first logging into the SupportAbility Mobile App you will need to enter the SupportAbility installation name for your organisation, and select 'Next':

Then enter your 'Individual Username' and 'Individual Password' which will be the same as those entered in your Staff Account in the Web App. Then select 'Log In':

Return to Summary


Multi-Factor Authentication (MFA)

If MFA has been configured as 'Optional' for each Staff Member, or 'Enforced' for your organisation, and you have activated MFA for your Staff Account using an Authenticator App, you will be required to pass the MFA step periodically when logging into SupportAbility, by entering the 6-digit MFA code from your authenticator app: 

Once you have passed the above steps, you will be asked to set a 4-digit PIN that is saved to your phone, which you will be prompted to enter to access the app in future:

Once you have logged into the SupportAbility Mobile App and set your PIN, you will land on the Home screen.

N.B. You will be required to input the 4-digit PIN when attempting to access the app after (5) minutes of inactivity.

Return to Summary


Remote Access

SupportAbility provides functionality if your organisation wishes to restrict access to your installation when Staff are logging in from a remote location other than approved Sites such as where Services are delivered or managed from. 

If remote access has been configured in your installation by restricting access to specific IP addresses, only Staff who have been granted the 'Allow Remote Access' privilege in their Staff Account will be able to log in to your installation from a location other than the whitelist of allowable IP addresses.

More information regarding this functionality is outlined in the  Restricting Remote Access to SupportAbility article, linked below.  

Return to Summary


Trouble Logging In

For detailed information relating to managing issues with logging in, please refer to the linked articles below:

If you are still unable to access SupportAbility, or do not have a record of your organisation's Shared Username and Shared Password please contact your System Administrator, or SupportAbility Authorised Representative.

Return to Summary


Automatically Log Users Out After (inactivity)

Generally, the information displayed on SupportAbility screens is highly sensitive, necessitating a level of privacy regarding who can see it. 

Unintentional breaches of privacy may occur when a Staff Member temporarily moves away from their computer or tablet without locking the screen or logging out or if they forget to log off on a shared device/computer once they have completed their work.

To assist with this, SupportAbility can be configured to automatically log users out after a specified time of inactivity.  

This setting is configured in the 'System Settings' section on the Settings tab in System Preferences:

The default is set to '30' minutes; however, this can be configured to a time that better suits your organisation's requirements, e.g. 10 minutes: 

Return to Summary

Still need help? Contact Us Contact Us