

As a system admin, you must assign at least one authentication method to each user in order for them to log in. A user can have multiple login methods but only one Password.
A significant security improvement to the Relativity authentication process is that the system admin no longer knows or can set user passwords. The invitation workflow, called that because you invite users to log in to Relativity, is the new mechanism for them to set and to manage their own passwords. Now, a system admin (when creating a new user), or a user (if they forget their password) initiates an email sent to them at their specified address, and they create or reset their password directly within Relativity.
Note: For help with single sign-on error messages, please see the SSO Troubleshooting console.
The invitation workflow applies to the following methods:
The password option requires the user to enter only a password for authentication. It does not require an additional check or two-factor criterion.
To assign and to configure this option for a user:
The two-factor authentication is a variation of the Password method that requires a passcode in addition to a password.
To assign and configure this option for a user,
For authenticator app, the user will follow the instructions on the app or enter the app's passcode. For email two-factor authentication, the system emails a passcode to the user during logon, and it's different each time.
Note: The link in the email is valid for 5 minutes, and only the most recently-sent email can be used. The link expiration time is not configurable.
The Outside Trusted IP is a variation of the Password method that requires a passcode only if the user logs in outside of a specified IP range. If the log on is inside the trusted range, then only a password is required.
Note: Password reset emails are not generated for users logging in via 2FA from an untrusted IP address. To initiate a password reset in these cases, an administrator must send a reset link from a trusted IP address.
To assign and to configure this option for a user:
You define an IP address or addresses as valid locations from which users can log in from in a combination of two settings.
The second setting specifies a valid IP address or addresses for each user. This can be an individual address, a range of addresses, or combination of either. The specified range is called the Trusted IPs. Users outside of this range or ranges won't be able to login except by using Password authentication with the Two Factor Mode set to Outside Trusted IPs.
To set the user Trusted IP range:
By default, no value is empty, which indicates any IP address is valid.
In case of setting the user's Trusted IP range, you can specify an individual address, a range of addresses, or a combination of either, separate each one with a carriage return.
Addresses use the "###.###.###.###" format. The following wildcards are available for both settings:
Description | Example | |
---|---|---|
Asterisk (*) (Asterisk wildcard) |
Matches zero or more characters. |
192.168.31.*. You can't use this notation with the match range of digits wildcard. |
Hash (#) (Hash wildcard) |
Matches any single digit 0-9. | 192.168.31.##. You can't use this notation with the match range of digits wildcard. |
[start-end] (Match range of digits wildcard) |
Matches a range of digits. |
192.168.31. [0-255]. You can't use this notation with the asterisk and/or hash wildcards. |
16-bit mask | A 16-bit number that masks an IP address. | 192.168.0.0/16 is the same as 192.168.0.0/255.255.0.0. Network address range is 192.168.0.0-192.168.255.255. |
24-bit mask | A 24-bit number that masks an IP address. | 192.168.31.0/24 is the same as 192.168.31.0/255.255.255.0. Network address range is 192.168.31.0 - 192.168.31.255. |
25-bit mask | A 25-bit number that masks an IP address. | 192.168.31.0/25 is the same as 192.168.31.0/255.255.255.128. Network address range is 192.168.31.0 - 192.168.31.127. |
Sometimes it may be necessary to reset a user's password. In Relativity, passwords are reset by sending the user an email with a reset link.
To reset a user's password:
By default, system admins can't set or see user passwords. Instead, system admins can send a password reset email, and users create and manage their own passwords. However, there are some situations, such as for testing or project development, that may require system admins to explicitly and manually set passwords.
To set this option in your Relativity instance, add the AdminsCanSetPasswords instance setting to the Relativity.Authentication section and set it to True. You must manually enter this setting and value because it is not present from the default Relativity installation.
To set a password, use the following procedure.
The password information doesn't appear except when you're editing it. If a current password exists, it doesn't appear either. Each new password overwrites the existing password.
Why was this not helpful?
Check one that applies.
Thank you for your feedback.
Want to tell us more?
Great!