The Login Management Access Role permission allows you to reset passwords and two-factor authentication for other users, and to log out, enable, or disable user accounts.
To grant a staffer this permission, please refer to Using Access roles in Lookout.
Profile login management
Once the Login Management permission is added to your access role, a new Login Management section will appear in a user's profile, providing buttons for various login management functions.
Log-out user
Logs out the user from all their devices, forcing them to log in again.
Disable/Enable user
Disable User: prevents the user from accessing any of the app's functionality.
They will still be able to log in, but they won't be able to access anything.
Enable User: permits the user to access functionality within the app.
This will reset the "User Since" time.
Single sign-on (SSO)
Allows the user to authenticate using SSO. An SSO identifier is required for this feature to work, but you won't need to enter it manually. There is a directory syncing path during configuration.
If your instance is not yet configured to support SSO, this option will be disabled. To start using this feature, contact our account management team by clicking the 'Chat with Sales' button.
Email & password
Enables the user to log in to their account using their email and password combination, which is the default login method.
Send password reset email
Sends the user an email with a password reset link.
To confirm the delivery status of these password reset emails, open the Email Deliveries page by clicking your name in the side navigation.
Two-factor authentication (2FA)
On: Requires the user to enter a 2FA code when logging in using email. If enabling it for the first time or resetting, the user can log in without a code but will be prompted to set up 2FA after a successful login.
Off: Disables two-factor authentication and removes all 2FA configuration data.
We strongly recommend enabling Two-Factor Authentication (2FA) to strengthen your account security and protect against unauthorised access.
Login session settings
Configure the session duration or the amount of time a user remains logged in according to your company's requirements and preferences.
By default, each user will have a one (1) year session duration. We highly recommend updating the default settings.
To update session settings:
Click the three dots next to your name on the navigation bar, and choose Settings.
From the Settings page, open Login settings under the 'Your team' submenu.
Update the Session timeout duration for each user type (Staffer, Helper, Members, and loved ones) as required. Finalise your session settings by clicking 'Save changes'.
Login activity
Admin app
Staffers with login management permissions can audit user login sessions through the Login activity page. It provides a detailed log regarding each user account, including the device type, login method (SSO or Password), location, login time, and when they were last seen.
Click the 'Lock' icon to log a user out of their session.
To access the Login activity page:
Click the three dots next to your name on the navigation bar, and choose Login activity.
You can also access the page by clicking the link inside the Session settings.
Care app
Care workers and members (including their loved ones) can also manage and monitor their login activity directly from the care app.
To access on your mobile device:
Tap your Profile photo to access Settings.
Select the Login activity button from the Account section.
The feature allows logging out of specific sessions for those with multiple devices, providing enhanced control and security over account access.
FAQs
Will Lookout 2FA still be required if I log in using SSO?
No, Lookout will not prompt users to enter an additional 2FA code when logging in via SSO. However, users may still be required to complete 2FA if it is part of their SSO authentication process (e.g., entering 2FA to complete the Microsoft sign-in).
Can 2FA be enabled for helpers?
The two-factor authentication setting in Lookout can only be toggled for Staffers. That said, 2FA for helpers can be enabled through SSO logins if enforced within your IDP (e.g. Microsoft Entra).
Can I enforce SSO as the only login method for my staffers?
Yes, you can enforce SSO as the only login method by disabling the Email & password login option.