Jump to content


Photo

Customize login screens

UI

  • Please log in to reply
4 replies to this topic

#1 Pavla Luckham

Pavla Luckham
  • Members
  • 12 posts

Posted 16 March 2017 - 04:52 PM

The first screen asking for user name and the second screen asking for a password have identical color scheme. Our users get confused thinking that they are looking at the first (user name) screen again, and they call us that "the system didn't take my user name".

 

Also, the "click here" link for different authentication screen is visually not standing out, and users miss it all the time.

 

I would like to be able to customize the login screens (starting with a different color or layout scheme for the first and second one), and create a big obvious button for "Use two form authentication" or "click here to use google authenticator" or something like that.

 

Having the option to customize to that level of detail, or just having the defaults look different than they do now, would be great.

 

Thank you,

 

Pavla



#2 Gavin Chappell

Gavin Chappell
  • Moderators
  • 439 posts
  • LocationNottingham, UK

Posted 17 March 2017 - 03:29 AM

Hi Pavla, unfortunately the product is now in maintenance mode (https://community.ba...intenance-mode/) and will no longer receive new features, only P0 bug fixes and security vulnerability fixes. The decision to not refer to authentication by name is kind of a design decision - the login process of the SSL VPN is designed to give away as little information as possible, because the more a potential attacker knows about your system then the more of their work we've done for them. An attacker shouldn't be able to find out that your organisation uses Google Authenticator for your second factor because although the chances of them guessing a Google Auth code correctly are very low, that gives them knowledge that may be used in a socal engineering context.



#3 sorin

sorin
  • Members
  • 52 posts

Posted 15 May 2017 - 02:10 AM

Dear Gavin,

 

If you allow to me, your answer is a bit strange, especially because we are paying for the updates.

What will happen next?

 

Kind regards,

Sorin



#4 Gavin Chappell

Gavin Chappell
  • Moderators
  • 439 posts
  • LocationNottingham, UK

Posted 15 May 2017 - 04:38 AM

You are paying for updates to the Network Access Control subsystem, development time for security vulnerabilities, and development time for any "stop ship" bugs which are found in the product. What will happen next is that for the foreseeable future, you will still receive Energize Updates for the NAC system, until the decision is made to make the product completely end-of-life, at which point this will be communicated to customers leaving them plenty of time to investigate alternative products using the remainder of their subscriptions.



#5 sorin

sorin
  • Members
  • 52 posts

Posted 15 May 2017 - 07:21 AM

That is a confusing answer in my oppinion

Firmware Maintenance includes new firmware updates with feature enhancements and bug fixes as they are made available

 

Lets move the conversation to

SSL VPN End of Life? - "In Essence"? :(

https://community.ba...ife-in-essence/