LogoLogo
More help and supportPhocas website
  • Home
  • Getting started
    • Navigation
    • Homepage
    • Data access
    • User licenses, profiles and permissions
    • Account settings
    • Databases
    • Periods
      • Offset dates
      • Default period for a database
    • Sharing and folders
      • Share a dashboard, favorite, or alert
    • Subscriptions
  • Analytics
    • Take a tour of Analytics
    • Work with the grid
    • View a summary of the data
    • Customize your view (Analytics)
      • Change the mode
        • Period mode
        • Period Variance mode
        • Period Stream mode
        • Moving mode
        • Stream mode
        • Total mode
        • Transaction mode
        • Matrix mode
        • Matrix Variance mode
        • Matrix Share mode
        • Variance mode
        • Search mode
        • Market mode
        • Custom mode
      • Change the properties (Analytics)
      • Change the measures (Analytics)
      • Change the stream
      • Use the activity filter
      • Change the data format
      • Change the period (Analytics)
    • Drill down into your data (view transactions)
    • Filter data (use dimensions)
    • Select data (Analytics)
    • Focus on data (Analytics)
    • Copy or export data
    • Search for data
      • Perform a basic search
      • Perform an advanced search
      • Search for similar or comparative data (right-click filter)
    • Add levels to the grid (grid nesting)
    • Compare data with Matrix mode
    • Get more options for viewing data
    • Visualize your data in a chart
      • Bar and Column charts
      • Combo chart
      • Pareto chart
      • Waterfall chart
      • Line chart
      • Area and % Area charts
      • Pie and Donut charts
      • Bubble chart
      • Radar chart
      • Gauge chart
      • Bullet chart
      • Summary and Ring Summary charts
      • Map charts
      • Configure the chart options
      • Select and focus on a chart segment
      • Export a chart as an image
      • Use the chart legend
    • Save favorites and add to dashboards (Analytics)
    • Reset data
    • Phocas AI
    • Flex Modes
      • Switch modes
      • Filter data (Flex Modes)
      • Apply conditional formatting
      • Add levels to the grid (Flex Modes)
      • Manage columns (Flex Modes)
      • Save and share a favorite (Flex Modes)
      • View your data in a chart (Flex Modes)
  • Financial Statements
    • Take a tour of Financial Statements
    • Overview of access to financial statements
    • Customize your view (Financial Statements)
      • Change the properties (Financial Statements)
      • Change the measures (Financial Statements)
      • Change the period (Financial Statements)
      • Change the current data
      • Change the budget data
      • Change the columns
      • Change the style
      • Change the rows (activity filter)
    • Filter the financial information
    • Select and focus on data (Financial Statements)
    • Copy or export financial information
    • Add a level in a financial statement
    • View financial information in a matrix (change column groups)
    • Add and view comments (Financial Statements)
    • View transactions (Financial Statements)
    • View financial information in a chart
      • Create a Pie and Donut chart (Financial Statements)
      • Create a Value card
      • Export a financial chart widget as an image
    • Save and share favorites (Financial Statements)
    • Add financial analysis to a dashboard
    • Manage financial statements
      • Overview of financial statements and dimensions
      • Create a financial statement
      • Delete a financial statement
      • Customize a financial statement
        • Rename a financial statement
        • Reorder a financial statement
        • Customize account groups
        • Customize calculations
          • Functions for Profit & Loss calculations
          • Formulas for financial ratios
        • Customize headings and spacers
        • Set the revenue row in a Profit & Loss statement
        • Customize columns
        • Customize a Cash Flow statement
          • Common account mapping for Cash Flow statements
        • Rebuild the database
      • Set the financial year end date
      • Map the Retained Earnings account(s)
      • Restrict access to accounts
      • Manage budget streams (Financial Statements)
        • Create a budget (Financial Statements)
      • Use statistical streams
      • Use multiple currencies
      • Manage dimension groups
      • Map categories from your Chart of Accounts
  • Budgets & Forecasts
    • Overview of key terms and concepts
      • Budgets versus forecasts
      • Users and data access
      • Relationship with the Financial Statements module
      • 3-statement budgeting
      • Filtering methods
      • Demand planning
      • Loan repayments
    • Take a tour of Budgets & Forecasts
      • Explore the budget workbook
      • Explore the forecast workbook
      • Explore the Balance Sheet and Cash Flow budgets and forecasts
    • Customize your view (Budgets & Forecasts)
      • Filter a worksheet (search for items)
      • Group period columns
      • Use layouts
    • Use session filters
    • Edit values in a worksheet
      • Open workbook notes
      • Use keyboard shortcuts
      • Copy and paste values
      • Use comparison rows
      • Use sum and working lines
      • Use formulas
      • Spread totals
      • Revert to the baseline values
      • Edit the Balance Sheet budget
      • View and use headcount data
    • Refresh a workbook
    • Use workflows
      • Contribute to the workflow
      • View the workflow history
      • View workflow comments
    • View budget information in a chart
    • Open baseline, comparative, or opening balance data
    • Review the budget or forecast
      • Add and view cell comments
      • View and restore the cell history
      • View the audit log
      • Compare actuals, budgets and forecasts
    • Export a workbook or worksheet tab
    • Manage budgets and forecasts
      • Create a budget workbook
        • Filtered budget or forecast
        • Multi-currency budget
        • Unclassified data
        • Period types in budgets
        • Additional measures for driver-based budgeting
      • Create a forecast workbook
      • Clone a workbook
      • Import a budget or forecast
      • Edit the workbook setup
      • Roll a budget forward
      • Add more detail to a budget or forecast
      • Add worksheet tabs (drivers)
        • Balance Sheet and Cash Flow tabs
        • Manual Entry tab
        • Database tab
        • Headcount tab
          • Headcount tab FAQs
        • Reference tab
        • Lookup tab
        • Allocations tab
        • Scratch Pad tab
      • Manage worksheet tabs
      • Add notes to a workbook
      • Customize the format of measures
      • Manage the workflow
      • Manage user access and notifications
      • Publish a budget, forecast or other worksheet tab
      • Fix the baseline in a budget
      • Delete or restore a workbook
      • Delete a stream (Budgets & Forecasts)
      • Troubleshoot performance issues
  • Rebates
    • Overview of rebates
    • Get started with Rebates
    • Projects
    • Rules
      • Parent-child rebate rules
      • Rebates calculation methods
      • Yearly rebates
      • Quarterly rebates
      • Monthly rebates
      • Whole rule period rebates
      • Retrospective rebates
      • Pro rata rebates
    • Calculations
      • Run a calculation
      • Schedule calculations
      • View calculation results and transactions
      • Post calculation results
    • Seasonal calendars
    • Rebates analysis
    • Rebates near miss analysis
  • CRM
    • Overview of CRM
    • Agenda
    • Contacts
    • Accounts
    • Leads
    • Activities
      • Microsoft 365 Outlook calendar integration
    • Campaigns
    • CRM analysis
    • CRM administration
  • Favorites
    • Save a favorite
    • Manage favorites
    • Set a favorite as your default view
    • Use alerts
  • Dashboards
    • Use dashboards
    • Create a dashboard
    • Set a dashboard as your homepage
    • Manage dashboards
  • Administration
    • Overview of access to data (Administration)
    • Users
      • Add, update or delete a user account
        • User maintenance form
        • User permissions
      • Create a user template
      • Manage a user's database access and restrictions
      • Manage user passwords
      • Monitor user activity
      • Lock user accounts
      • Impersonate a user
    • Profiles
    • Folders (Administration)
    • Favorites (Administration)
    • Dashboards (Administration)
    • Subscriptions (Administration)
    • Periods (Administration)
      • Period types
      • Working days
    • Databases (Administration)
    • Sync Sources
    • Connectors
    • Configuration
      • Set up SSO
      • Set up SSO with Microsoft Entra ID
    • Logs
    • Designer
      • Modify a database
      • Get your data into Phocas
      • Design a database
        • Create a database
        • Add (connect) data to a database
        • Map data to the database
        • Save your database design
      • Design a financial database
      • Build a database
      • View and revert to older design versions
      • Add a budget file to a financial database
      • Add a budget file to a non-financial database (easy budget upload)
    • Sync
      • Automatically join or split items during Sync (split view)
      • Schedule the sync process
      • Migrate Sync
      • Test the sync process
    • Reserved words and characters
    • End of year maintenance tips
  • OTHER INFORMATION
    • File upload
    • Encrypt (share secrets)
    • Glossary
    • Release notes
      • Analytics release notes
      • Financial Statements release notes
      • Budgets and Forecasts release notes
      • Rebates release notes
      • Administration release notes
    • System requirements
    • Technical limitations
    • Security information
    • Scheduled upgrade and maintenance periods
    • More help and support
Powered by GitBook

© Phocas Software

On this page
  • General settings
  • Password policy
  • Defaults
  • Dashboards
  • Marketing
  • Geocoding
  • Health Check
  • CRM
  • Connections settings
  • LDAP
  • SMTP
  • Single sign-on settings
  • SSO for enhanced security
  • How SSO works
  • Setting up SSO

Was this helpful?

  1. Administration

Configuration

Configure and customize your Phocas site's general, connection, and SSO settings.

PreviousConnectorsNextSet up SSO

Last updated 13 days ago

Was this helpful?

User permission: Administration > Configuration

The Configuration page contains several settings organized into three tabs. Ensure you click Save to apply your changes to the settings on this page.

General settings

On the General tab, you can set your password policy, date format, language, and more.

Password policy

If your site uses Phocas authentication (default), users and passwords are stored in the Phocas system and you can set a site-wide password policy that includes automatic expiry, length, character requirements, and so on.

The Phocas-managed password policy does not apply if you are another way to authenticate Phocas users:

  • LDAP (Lightweight Directory Access Protocol): This authentication method can be configured during installation. User passwords take on AD (active directory) protocols.

  • SSO (single sign-on): This authentication method uses a trusted third-party identity provider (IdP) to allow users to sign in to Phocas with the same credentials they use for other applications.

Set your required password policy...
  • Automatic expiry (days): The number of days a user’s password will remain valid before it expires, forcing the user to reset their password when they next attempt to sign in. An administrator can also reset passwords. Select the duration from the dropdown list.

  • Minimum length: The minimum length of a password. By default, this is 8 characters.

  • Minimum uppercase letters, numbers, and special characters: The minimum number of uppercase letters, numeric characters, and/or special characters that users must have in their passwords. By default, these are all 0.

  • Password cannot be username: This checkbox is selected by default, which means that users can’t include their username in their passwords. Clear this checkbox if you want to allow users to include their usernames in their passwords (not recommended).

  • Prevent users from changing password: Select this checkbox to prevent users from changing their own password. If checked, non-administrators will not be able to change their password.

Defaults

Administrator email address

Application URL

This is the web address where users connect to your site. When users are first added to Phocas, they receive this URL in an email. In some older versions of Phocas, this setting might say External URL.

Default language

This is the language used by default throughout your site. If this setting is left blank, the user's location or their own language setting applies. The default language determines the default date format used throughout your site.

Default date format and language

The dates in Phocas are formatted according to the selected language or, if no language is selected, the location settings in each user's browser.

For example:

  • The English (United Kingdom) language uses dd/mm/yyyy formatting.

  • The English (United States) language uses mm/dd/yyyy formatting.

It is strongly recommended that the language is set in Phocas rather than relying on the web browser.

Administrators can select a Default Language on the Configuration page. By default, this setting is blank.

  • If you select a default language here, it becomes the global default, which overrides any browser settings. However, individual users can still select a language through their account settings page.

  • If you do not select a language here, and the individual user does not select one, the system will use the browser location settings to determine the date format.

  • This setting is session-based. When it is changed, users who are currently signed in (including the administrator) are required to sign out and back in for the changes to take effect.

User language settings
Browser language settings

If a language is not set globally nor by an individual user, all dates will be formatted according to the location settings in each user's web browser. The setting options for Chrome and Internet Explorer are outlined below. Information about setting languages in other browsers can usually be found under the browser settings.

Chrome

In the browser, type chrome://settings/languages into the address field to view the browser language settings. The language at the top of the list is the one used for formatting. Use the Add button or drag and drop to reorder the list.

  • English uses the dd/mm/yyyy format

  • English (United States) uses mm/dd/yyyy.

Internet Explorer

In the browser, select Tools > Internet options. On the General tab > Appearance section, select Languages. The language at the top of the list determines the formatting. Use the Add or Move Up/Down buttons to select the preferred language.

Dashboards

The Text Widgets - Enable HTML Content (potentially unsafe) setting controls whether or not text widgets are allowed on your site. By default, the checkbox isn’t selected, which means that text widgets aren’t allowed. Selecting the checkbox will allow users to add potentially unsafe HTML content to a dashboard via a text widget, which might make your site vulnerable.

Marketing

You can add a marketing panel to the Phocas sign-in screen, in the form of a small linked image which redirects the user to another web page. This is sometimes used by Phocas to provide training information and notice of upcoming events to users.

  • Marketing panel image URL: The full path name of the image to be displayed. It is recommended that these are 650 x 217 PX and in the PNG format.

  • Marketing panel target URL: The web address to redirect to if the panel is clicked.

Geocoding

Health Check

The Send health check setting controls whether or not a health check report is sent to Phocas. By default, the checkbox is selected, meaning the report is sent. Clear the checkbox if you don't want to send the reports.

CRM

Applicable to the CRM module, these settings add links in CRM entity pages that provide shortcuts to either a Query database and/or a dashboard with that entity focused. For example, open the Sales database with XYZ customer selected.

Connections settings

On the Connections tab, you can configure and test the LDAP and SMTP settings.

LDAP

Phocas authentication is the default security model, with users and passwords stored in the Phocas system. However, you can configure LDAP (Lightweight Directory Access Protocol) authentication as the user authentication mechanism. This method only authenticates a user's username and password; permissions are stored in Phocas.

Configure the LDAP

The following configuration options are available in the LDAP window:

Username and Password: Username and password to connect to the LDAP server.

Group: LDAP users can be members of one or more LDAP Groups. Notes about groups:

  • A group name can be entered to limit the number of LDAP usernames retrieved.

  • Alternatively, a valid LDAP filter can be entered, beginning with a left bracket ‘(‘.

  • If an LDAP filter is not entered, the following filter will automatically be applied to limit the number of usernames retrieved: (objectClass=user)(objectCategory=person).

  • Groups can be used with or without LDAP organizational units (OUs).

Domain: Should be left blank, as it is added to LDAP usernames at login.

Connection string: String to store the server, port, domain and, where required, the organization unit where the users are stored. To create the LDAP URL, you need to know the server, port, domain and possibly the organization unit, where:

  • The server is usually the Active Directory (AD) server.

  • The default LDAP port is 636.

  • The domain is split by the period and added as DC elements. Larger companies might split users into organization units (where the users are stored), however, not including the OU should allow any user of the domain to authenticate.

More notes about connection strings:

  • The LDAP, OU and DC must be capitalized.

  • Syntax: LDAP://[server]:[port]/OU=[organisation unit],DC=[domain],DC=[domain]

  • Examples: LDAP://ldap.phocas.com.au:636/DC=phocas,DC=com,DC=au LDAP://dc.company.com:587/OU=users,DC=company,DC=com LDAP://HostName[:PortNumber]/CN=Smith,Jeff,CN=users,DC=fabrikam,DC=com

Test the LDAP configuration

Click the Test button below the settings to test the current LDAP configuration. If the connection is successful, a list of retrieved usernames displays. If the connection is unsuccessful, a Connection Failed message displays, with an explanation of the problem.

Deal with server changes

From time to time, server changes might affect LDAP access. This can easily be addressed by updating IP addresses in your firewall, which can be obtained from your Phocas Support Team.

Combine LDAP and non-LDAP users

When LDAP is enabled, all new users are assumed to be LDAP accounts, but the system does allow a mixed approach.

In the user maintenance form, there is a checkbox under the Username box, which is selected for new users by default. If you clear this checkbox, the user will be authenticated by Phocas instead.

SMTP

You can configure the Simple Mail Transfer Protocol (SMTP) settings to enable Phocas to send emails, thus allowing users to subscribe to a favorite and export data to an email.

Configure the SMTP

The following configuration options are available in the SMTP window:

  • Server and Port: Server and port to connect to the SMTP server.

  • SSL: Selected by default, this setting enforces a secure connection with the SMTP server.

  • Username and Password: Username and password to connect to the SMTP server.

  • From name: String value that is displayed as the sender of emails, replacing the email address. If left blank, it will default to Phocas (No Reply). Some SMTP servers (such as Gmail and Hotmail) do not allow you to change the From name setting to anything other than your account, and any address you enter will be overwritten before the servers relay the email. This is to prevent spamming/spoofing.

  • From address: Email address that replaces the email address associated with the username (if allowed by the mail server). Most email servers ignore this field. If left blank, and the username contains an @, Phocas will set the reply address to no_reply and the domain abstracted from the username (everything before the @).

Test the SMTP configuration

Click the Test button below the settings to test the current SMTP configuration. You can enter a test email address to which a test email will be sent. A notification will show a pass or fail message. Errors are logged if troubleshooting is required.

Single sign-on settings

On the Single sign-on (SS0) tab, you can set up SSO for your Phocas site. The SSO feature uses a trusted third-party identity provider (IdP) to allow users to sign in to Phocas with the same credentials they use for other applications, such as Microsoft Entra ID and OKTA. SSO uses a standard web protocol known as Security Assertion Markup Language (SAML), which securely passes a user’s identity from one place (IdP) to another (Phocas) via encrypted, digitally signed, XML certificates.

SSO for enhanced security

How SSO works

When you allow SSO for your Phocas site, users will see a Sign in… button on the Phocas Sign in screen, allowing them to sign in via the IdP. If you select the enhanced SAML security setting in your SSO configuration, users will only be able to sign in with the IdP.

When users sign in using SSO, if they're already authenticated with your IdP, they're taken straight into Phocas. If they are not yet authenticated, they're taken to a second sign in screen, where they enter their credentials for the IdP.

When users finish their session in Phocas, they need to sign out of Phocas in the usual way, even if they have signed out of other applications that use the IdP. Without signing out, the duration of a session will depend on your IdP and other factors, such as how often the users clear cookies.

Setting up SSO

Failed sign in attempts: The number of times a user can try to sign in to Phocas before they are locked out of their account. By default, this is two attempts. If this setting is left blank or set to 0, there’ll be no limit to the number of times a user can try to sign in. LDAP accounts are not subject to lockout. See how to .

See for information on managing user passwords;

This is the email address of the Phocas administrator for your site. On sites without the functionality, this email address is provided so users can contact the Phocas administrator.

The language selected by each individual user on their page overrides both the global default and browser settings.

This is your Google Maps geocoding API key, which is required for .

See a of the LDAP URL (this link will take you to an external site).

See a of the LDAP URL (this link will take you to an external site).

While Phocas doesn’t natively support multi-factor authentication (MFA), if you’re looking for that level of security, use SSO for your Phocas site. You can either give users the option of signing in with their IdP credentials or make it mandatory for them to do so (see the ).

If you're using Microsoft Entra ID as your IdP provider, go to the page. Otherwise, go to (generic IdP).

unlock a user's account
Manage user passwords
forgotten password
Account settings
map charts
detailed explanation
brief explanation
Set up SSO with Microsoft Entra ID
Set up SSO
Enhanced SAML Security setting
image-20240725-012955.png