What is Cymmetri?

Cymmetri is a well-trusted platform acting as an advisor and an end-to-end partner for Security-aware teams looking to deploy Identity and Access Management Solutions across their organization. We offer an industry-standard product backed by a strong team that always aims to innovate our solutions to cater to a wide variety of enterprise needs.

Cymmetri User Login flow starts with the process of a user accessing their tenant instance login page.

Typically, this would be of the format, https://<company-name>.cymmetri.io

Once, on the Cymmetri Login page, please enter your username (you should have received this on your corporate email).

Enter the username received on the mail, and click on the Next button.

If your administrator has enabled password-less login option, then you will be able to see the Login without password button, else you will see the login button.

Additionally, you might be able to follow the Forgot Password/Unlock Account flow, if your multi-factor authentication options have already been registration using the first time User registration flow.

The step below indicates the trigger for the Password-less login flow.

Clicking on the "Login without password" button will trigger the password-less login flow, will prompt the registered multi-factor authentication options for login.

The step below indicates the trigger for the Password-based login flow.

Enter the password for your user account and click on the Login button to proceed with the password-based login flow. Depending on whether the administrator has enabled the multi-factor authentication options for your organization, and depending on the factors that you have registered for, you will be shown login options.

The steps below for choosing multi-factor authentication options are common for the password-less login and password-based login flows.

Option 1 - Choosing Cymmetri Authenticator will require you to enter your Time-based OTP as it appears on your Cymmetri Authenticator mobile application. Enter the TOTP and click on Verify to continue.

Option 2 - Choosing Push Authenticator will send a push notification to your mobile phone and you may click on the accept button to complete the login process.

Option 3 - Choosing Google Authenticator will require you to enter your Time-based OTP as it appears on your Google Authenticator mobile application. Enter the TOTP and click on Verify to continue.

Option 4 - Choosing SMS Authenticator will send an OTP to the user's registered mobile number and the user is expected to enter this OTP and Click on Verify to continue.

Regardless of the flow followed and the multi-factor authentication option chosen, the user will end up on the dashboard page below upon successful login.

1. Start by clicking on the link to start the registration of your tenant on the Cymmetri Cloud 2.0 and enter your personal details with your work email. Click on Next.

1. Enter your country, phone number (mandatory to receive OTP), and enter a domain name for your tenant. In case the domain available message is not shown, choose a different domain name. Click on Start trial button.

1. You will receive an OTP on your mobile number from the previous step. Enter the OTP here and wait for a few seconds for your tenant to be created.

1. You will be redirect to your domain to create a new first Organization Admin User. Ensure that your password matches the password policy.

1. You will receive a message to show that your tenant has been created.

1. Click on the login button for proceeding with the onboarding process

1. Click on the Next button to enter your password and proceed with the setup of your tenant.

1. Choose applications from the application catalogue, click on the application icon. Then click on the Next button.

1. Enter details to create a second administrator account. Click on Send Invite button to create an administrator. Click on Next button to proceed.

1. (Optional) Add users if you wish to. Then click on finish.

1. You will be redirected to the Dashboard to proceed with the system.

Next Steps

All users accessing Cymmetri must pass through the first time user registration flow. The user will require the website address to access the Cymmetri cloud account, their Username and password.

Sign In to Cymmetri

URL : https://<companyname>.cymmetri.io/login

Example:

  Instructions

Below is a step-by-step guide for accessing Cymmetri and performing the first time registration flow:

1. Type the appropriate URL in the browser address bar.

2. Provide the Username in the user name prompt.

1. Cymmetri will provide option to login with a password

1. Cymmetri will require the user to change the initial password and provide a new password. If the new password provided by user does not match or does not satisfy the password policy, the user will not be able to reset the password and the Update button will not be clickable.

1. After the user has reset the initial password successfully, Cymmetri will ask the user to register for Multi-Factor Authentication. The system will guide the user to setup their MFA.

2. On clicking the Cymmetri Authenticator option, the user will be required to scan a QR code using the Cymmetri Authenticator mobile application.

3. Once user has successfully registered the MFA, the user will be guided to the My Workspace page.

The password for the user would be sent to the user’s registered email address. The password may also be available with Cymmetri administrative user or the user’s reporting manager.

Cymmetri Identity platform supports login using multi-factor authentication options as -

1. a second factor of authentication for the password-based login process.

2. a method of authentication for the password-less login flow.

The following steps indicate how to set up multi-factor authentication options in your Cymmetri Identity platform instance for both flows

Cymmetri allows flexibility by introducing both modern mechanisms, such as -

1. Time based OTP (through Cymmetri Authenticator mobile application)

2. Time based OTP (through Google Authenticator and other mobile application)

3. Push based Notification (through Cymmetri Authenticator mobile application)

4. SMS OTP

5. Email OTP

In this document, we will go through setting up the Multi-factor authentication options on the Cymmetri Identity Platform, and run through the setup of Multi-factor authentication options and their usage for the login scenario.

Setting up Multi-factor Authentication for the tenant

1. Access Multi-factor authentication by going to Products menu > Multifactor authentication product

2. Next, we select factors sub-menu

3. We now select the Cymmetri Authenticator (Time based OTP) toggle and click confirm to setup Cymmetri Authenticator as an MFA option

4. Similarly we toggle on the Push Notification and SMS Authenticator (OTP) options

5. Next we select the configuration sub-menu to configure the OTP options, here we will enable the Email OTP option by toggling it on.

6. Next we move to configure the rules for Multi-factor authentication policy for login

7. Click on the pencil icon to start editing the policy and change the dropdown of all factors to indicate that they are mandatory (required).

Let us talk about the options available for each factor -

Required - This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional - This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled - This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

8. Now click on the pencil icon in the upper box to toggle on this rule.

9. All subsequent logins of any user on the Cymmetri Identity platform will now require the use of mandatory MFA for one of these factors.

The following steps indicate how to set up for Password-less login

As an organization or domain administrator, click on the products menu on the left-hand side, and then click on the passwordless button to start configuring password-less authentication option.

Click on the toggle button on the top to enable the password-less login option for the end-users logging into the Cymmetri Identity platform tenant.

Further, as an administrator you may turn on/off the toggle switches to allow/block the end-user from using a particular multi-factor authentication option during password-less login.

1. TOTP Based - refers to the Cymmetri Authenticator option as indicated earlier in the document.

2. OTP Based - refers to the SMS Authenticator option as indicated earlier in the document.

3. Consent Based - refers to the Push Authenticator option as indicated earlier in the document.

To access Cymmetri, user must use a web browser such as Google Chrome or Safari and type the appropriate address.

Sign In to Cymmetri

URL : https://<companyname>.cymmetri.com/login

Example: https://helpdocs.cymmetri.com/login

Steps to access Cymmetri

Below is a step-by-step guide for accessing Cymmetri:

Step 1 - Type the appropriate URL in the browser address bar.