TrackAbout recently added technology from Auth0 to power our authentication system. Auth0 by Okta is the recognized industry leader for enterprise-class secure authentication and authorization services.
Most of the changes are behind the scenes, from improved basic login safety and security to the ability for us to offer Multi-Factor Authentication and Federated Identity/Single Sign-On.
This change is scheduled to go live in your TrackAbout Production environment starting Monday, June 26th. Please communicate the following changes to your users so they will not be surprised. This may help reduce the number of support calls that result.
New TrackAbout Password Complexity Rules
TrackAbout is standardizing its password complexity rules. We will no longer offer custom (per-customer) password complexity rules. This is a limitation of the Auth0 platform, but Auth0’s implementation is up-to-date and follows the latest password guidance from NIST. All new or updated TrackAbout account passwords must adhere to the following rules:
-
Passwords must be at least 8 characters.
-
Passwords can contain ONLY the following characters:
-
Lower case letters (a-z)
-
Upper case letters (A-Z)
-
Numbers 0 through 9
-
The special characters ! @ # $ % ^ &
-
-
Users can't reuse any of their last ten passwords.
-
Passwords can't use the same character more than twice in a row.
-
Passwords cannot include the user's First or Last name, username, or email address.
-
Passwords cannot include "trackabout".
TrackAbout Web Sign-In
Users will now be prompted to enter their TrackAbout username or email alone, then after clicking “SIGN IN”, be prompted to enter their password.
This change is necessary so that we may offer Federated Login (coming soon). After recognizing the username or email, depending on the identity provider, the site may redirect the user to a corporate identity login system rather than TrackAbout’s.
Example:
1. Enter your TrackAbout Email or Username, then click SIGN IN. You'll then be prompted to enter your password.
2. Enter your password and click CONTINUE to sign-in.
TrackAbout Mobile 7 Sign-In
Similar to the website sign-in, users will now be prompted to enter their TrackAbout username or email first, then be prompted to enter their password.
Example: 1. Enter your TrackAbout Email or Username, then click LOG IN.
2. You may be prompted to let TrackAbout use Auth0.com to sign in. Tap CONTINUE to allow it.
3. When prompted, enter your password and tap CONTINUE to sign-in to TrackAbout.
*Please note that users will only see these changes when their TA Mobile 7 app version updates to 7.339.xxx. TrackAbout employs a staggered rollout for mobile app updates which makes the updates available to users over a period of a few days instead of all at once.
VERY IMPORTANT: For Device and Network Administrators
Auth0 requires the following URLs for authentication:
-
For Production: trackabout.auth0.com and auth.trackabout.com
-
For ClientTest: trackabout-test.us.auth0.com
Please make sure these are allowed on the appropriate networks and devices.
If you have devices managed by a mobile device management system, please note that Auth0 must launch a web browser in order to access the above authentication URLs. If the device browser is blocked in a user profile, the user will not be able to log into the TA Mobile 7 app.
If you have any urgent inquiries or require immediate assistance, please reach out to TrackAbout Support at support@trackabout.com or call 1.800.960.1510 Ext. 8.
- TrackAbout Support