Introduction

Authentication is the process of verifying a user's identity before accessing the Bookandlink platform. This system includes various security features such as login, logout, password management, multi-factor authentication (MFA), device management, and account notifications. This documentation provides clear steps for each authentication feature, including handling device limits and security alerts, along with troubleshooting solutions.

All authentication actions are managed through the Bookandlink Single Sign-On (SSO) website.

Login

Single Sign-On (SSO) login is a centralized authentication process that allows you to access multiple products with a single set of credentials. Login allows you to access your account using registered credentials. Ensure that the email and password are entered correctly to avoid access issues.

How to Log In

1. Go to the SSO login page (URL: https://sso.bookandlink.com/auth/login).
2. Enter your registered email and password.
   • If you enter the wrong password three times, your account will be temporarily disabled for 10 minutes.
3. Click the Login button.
   • If your credentials are incorrect, you will see a 'Wrong password and email combination' notification.

[!NOTE] When logging in for the first time, you must complete an additional verification step to enhance security. This process includes entering an OTP (One-Time Passcode) sent via email.

[!NOTE]

Troubleshooting Login Issues

• Incorrect Email or Password
  • Ensure you entered the correct registered email and password.
  • Check for typos or extra spaces.
  • If you forgot your password, use the Forgot Password option to reset it.
• Login Page Not Loading Properly
  • Refresh the page or try a different browser.
  • Clear browser cache and cookies, then try again.
  • Use Incognito Mode to rule out browser issues.
• Account Temporarily Disabled Due to Three Failed Attempts
  • If you enter the wrong password three times in a row, your account will be temporarily disabled for 10 minutes.
  • Wait for 10 minutes before trying again.
  • If you forgot your password, click Forgot Password to reset it instead of repeatedly entering incorrect credentials.

---

OTP Request

The system will send a 6-digit OTP code to the registered email. This code must be entered to complete authentication and ensure account security.

How to Enter OTP

1. Open your registered email and check for an OTP message from the system.
2. Return to the login page and enter the 6-digit OTP code in the verification field.
3. (Optional) Check the box "Trust this device for 30 days".
   • This setting may help reduce additional security checks on this device.
   • OTP is required when logging in for the first time, on a new browser, from a different device, or using a different browser profile.
4. Click Verify to confirm your authentication.
   • If the OTP is correct, you will be redirected to the dashboard.
5. If the OTP is incorrect or expired, click Resend to receive a new OTP.

[!NOTE]

Troubleshooting OTP Issues

• Didn’t receive the OTP Email?
  • Check your Spam/Junk folder in your email.
  • Ensure you entered the correct registered email.
  • Wait a few moments, as email delivery may take some time.
• OTP Code Invalid or Expired?
  • Click Resend to request a new OTP.
  • Ensure your internet connection is stable.
  • Try hard-refreshing the page (Ctrl + Shift + R or Cmd + Shift + R) to reload without cache.
  • Clear browser cache and cookies (see the steps below).
• Clearing Cache & Browser Issues
  If you frequently experience OTP issues or login problems, try these steps:
  1. Clear your browser cache and cookies:
     • Chrome: Settings > Privacy and security > Clear browsing data.
     • Firefox: Settings > Privacy & Security > Clear Data.
     • Edge: Settings > Privacy, search, and services > Clear browsing data.
  2. Open the login page in Incognito Mode.
  3. Make sure your browser allows JavaScript and third-party cookies.
  4. Try using a different browser.

---

Google Authentication

By default, your login authentication uses a 6-digit OTP sent to your email. However, after successfully logging in with OTP, you can enhance security by setting up Google Authenticator as an additional verification method.

How to Set Up Google Authenticator

1. After logging in, navigate to the "MFA" menu on the left sidebar.
2. Select Google Authenticator as your preferred authentication method.
3. Click Setup, then scan the QR code using the Google Authenticator app.
4. Enter the 6-digit code displayed in the app and click Verify.
5. Click "Save Changes" to apply your selection.

[!NOTE]

• Users must successfully log in before setting up Google Authenticator.
• Once set up, users can choose between OTP via email or Google Authenticator for login authentication.
• If both OTP via email and Google Authenticator are enabled, users can select their preferred method during login.

---

How to Log In Using Google Authenticator

Once you have successfully set up Google Authenticator as your verification method, for subsequent logins, you can choose your preferred verification method between OTP via email or Google Authenticator.

1. Go to the SSO login page (URL: bookandlink.com/sso/login).
2. Enter your registered email and password.
   • If you enter the wrong password three times, your account will be temporarily disabled for 10 minutes.
3. Click the Login button.
4. On the verification page, click Use Another Method if you want to use Google Authenticator instead of OTP via email.
5. Open the Google Authenticator app on your mobile device.
   • Locate the Bookandlink SSO entry and retrieve the 6-digit verification code.
6. Enter the 6-digit code in the verification field.
7. Click Verify to complete authentication.
   • If the code is correct, you will be redirected to the dashboard.
   • If the code is incorrect or expired, open Google Authenticator and enter the latest code.

[!NOTE]

• Ensure your mobile device time is correctly synced to avoid issues with code validation.
• If you lose access to Google Authenticator, you may need to reset your MFA settings and set it up again.
• If both OTP via email and Google Authenticator are enabled, you will have the option to choose your preferred method during login.

[!NOTE]

Troubleshooting Login Issues with Google Authenticator

Incorrect Verification Code

• Ensure you are entering the latest 6-digit code from the Google Authenticator app.
• The code updates every 30 seconds—try again with the latest code.
• Check your device’s date and time settings. If they are incorrect, sync them with the internet.

Google Authenticator App Not Working

• Restart your mobile device and try again.
• Make sure the Google Authenticator app is updated to the latest version.
• If the app crashes, reinstall it and restore access using your backup code.

Lost Access to Google Authenticator

• Click Use Another Method on the verification page.
• Select OTP via Email to receive a verification code via email.
• If you cannot receive OTP via email, contact support to reset your authentication method.

---

Forget Password

If you forget your password, you can request a password reset using the Forgot Password feature. This will send a reset link to your registered email, allowing you to create a new password.

How to Request a Forget Password

1. On the login page, click the Forgot Password?

2. Enter your registered email and click Continue.

   • If your email exists in the system, a reset password email will be sent.
   • If your email does not exist in the system, a password reset email will not be sent.

3. Check your email inbox for a reset password email.

4. If you do not receive the email, you can request a new one by clicking the Resend Email button.

[!NOTE]

Troubleshooting Forgot Password Issues

• Didn’t receive the reset email?
  • Check your Spam/Junk folder in your email.
  • Ensure you entered the correct registered email.
  • Wait a few minutes, as email delivery may take some time.
  • Click Resend Email to request a new reset email.
• Email not found in the system?
  • Make sure you are using the correct email registered with your account.
  • If the issue persists, contact support for further assistance.

---

Reset Password

Once you receive email notification to reset your password, the reset password link will be valid only for 15 mins.

How to Reset Your Password

1. Open your email and check the password reset message, and click the Reset Password link.
2. You will be redirected to the password reset page.
3. Enter your new password following these requirements:
   • Must be at least 8 characters long.
   • Include at least 1 uppercase letter, 1 lowercase letter, and 1 number.
   • Contain at least 1 special character (e.g., ! @ # ?).
4. Confirm your new password by entering it again. Make sure the Confirm Password is the same as the New Password.
5. Click Reset Password button to apply the changes.
6. After successfully updating your password, you will see a confirmation message. Click "Login" to access your account using the new password.******

[!NOTE]

Troubleshooting Reset Password Issues

• Password reset link expired or invalid?

  • The reset link is only valid for a 15 mins. If it has expired, request a new Forgot Password email.
  • Ensure you are using the latest reset link sent to your email.

• New password does not meet the requirements?

  • Use at least 8 characters.
  • Include at least 1 uppercase letter, 1 lowercase letter, and 1 number.
  • Add at least one special character (e.g., ! @ # ?).

• Still unable to reset your password?

  • Clear your browser cache and cookies, then try again.
  • Use Incognito Mode or a different browser.
  • If the issue persists, contact support for further assistance.

---

Exceed Device Limit

Your account allows login on up to three devices simultaneously. If you attempt to log in on a fourth device, you will receive an email notification informing you that you have reached the maximum device limit. The email will also provide details of the devices currently logged into your account and give you the option to remove a device.

To log in on a new device, you must remove at least one existing device from your account.

How to Remove a Device

1. Check your Email Notification
   • Open the email notification sent to your registered email.
   • The email will display a list of devices currently logged into your account.
2. Click the Remove Button
   • Click the Remove button next to the device you want to remove.
3. You will be redirected to a page where you can remove the device’s access to your account.
   • The page will display the selected device’s details, including device type, IP address, expiration time, and browser information.
4. Click Yes, I'm Sure to confirm the removal.
   • If you want to keep the device connected, click 'No, Cancel' to cancel the removal process.
5. After removing the device, you will be redirected to the login page. Enter your account credentials and log in from your new device.

[!NOTE]

Important Reminders

• Every time you log in on a new device, you will receive an email notification for security purposes.

• Ensure you are removing the correct device before confirming the action.

• If you did not attempt a new login but received a device limit notification, immediately change your password to secure your account.

[!NOTE]

Troubleshooting Device Limit Issues

Unable to Remove a Device?

• Ensure you have a stable internet connection before trying again.
• Try refreshing the Linked Devices Page and attempt the removal process once more.
• If the issue persists, log out from all devices and log back in on your preferred devices.

Not Receiving the Email Notification?

• Check your spam or junk folder.
• Ensure your registered email address is correct and active.
• If still not received, try resending the notification from the login page.

Device Still Showing After Removal?

• Clear your browser cache and refresh the page.
• Try logging out and logging back in to refresh the session.
• If the issue persists, contact support for further assistance.

---

Notification

The system will send you an email notification for any critical action taken on your account. If you did not authorize the action, we recommend securing your account by changing your password immediately. Additionally, review your active sessions and remove any unrecognized devices from your account settings.

Notification Guidelines

Success Reset Password

• When your password is successfully reset, you will receive a notification in your registered email.
• If you authorized this action, you can now log in using your new password.

Weak Password Detected

• If the system detects that your password is weak, you will receive a notification prompting you to change it.
• You will be directed to the Change Password page to create a stronger password.
• It is recommended to use a combination of uppercase and lowercase letters, numbers, and special characters.

Exceed Device Limit

• If you exceed the maximum login limit of three devices, you will receive a notification detailing which devices currently have access to your account.
• You must remove one of the three devices before logging in with a new device.

New Device Linked

• When your account is accessed from a new device, you will receive an email notification.
• The email will include details such as device type, browser, and login time.

Multiple Failed Login Attempts

• If you enter the wrong password three times, your account will be temporarily disabled for 10 minutes.
• You will receive an email notification about the failed attempts.
• If you did not attempts to log in, reset your password immediately.

[!NOTE]

Security Reminder

• Always ensure that your account information is kept private.
• Do not share your login credentials with anyone.
• If you notice any unauthorized activity, reset your password immediately.

---