Implementing user authentication

When it comes to protecting and securing your information online, usernames and passwords are the most used forms of authentication for your system. Nevertheless, usernames and passwords are also one of the most insecure forms of user authentication. This article outlines how Maxxton ensures the process of authentication.
To keep and secure your system, Maxxton provides a single point of entry using a self-hosted identity and access management system. This ensures that the access to your system is secure, user-friendly, fast, and centralised. To make this possible, Maxxton has built an Authentication server via Keycloack. By means of this, you are provided with Standard Protocols such as Opened Connect, OAuth 2.0, and SAML 2.0. In addition, it is easy for you to connect to existing user directories, such as social login providers and active directories using LDAP.

How does the authentication setup work?

To gain access to the software environment, the authentication server provides you with a JSON Web Token (JWT) through an Identity and Access management server built on top of Keycloak. Only with this token, the user can access the software. The token can be used independently from the server. This does not require session management (stateless) and prevents access when the expiration time is exceeded.
This can be done through Single-Sign, Two-factor authentication (2FA), and authentication keys. Maxxton offers a great deal of flexibility and can be connected with all conceivable user databases.
Temporary access is suitable for temporary employees, e.g. for cleaners and the maintenance service. Temporary hired employees receive a Time Based One Time Password (TOTP) to gain access to accommodation.

Single-Sign on

You can easily connect the authentication server with the user database of a third party. The username and password of the external third party never pass through our system but are always filled in at the third party’s login page. After that, our system is granted access to the details of the user that exists in the external user database. As soon as the authentication server recognises that the individual requesting for username and password meets the requirements, a token is then granted and the user gains access to the system. Consider here the connections with an account at Google, Linkedin, Facebook, Twitter, etc. Another practical feature is the recognition of an already logged-in account and granting this particular account a token, so the user obtains direct access to the software. When you are logged in in your browser with the following e-mail address, ‘@mycompanyaccount.com’, which is automatically linked to the user database. In Maxxton Software a new user is created in case the provider does not exist in the Maxxton database yet. After it is created the user gets linked to the external provider and closing the account at the provider’s side also prevents access to Maxxton Software.

Two-factor authentication

Two-factor authentication is highly recommended to prevent unauthorised access to the software environment. Accordingly, there are numerous possibilities. Think of sending a verification code by email or by text message. Another method is the use of free OTP/Authenticator Apps. The well-known are the Google Authenticator and Microsoft Authenticator. It will take an additional 15 to 30 extra seconds in the login process, but this is definitely worth the extra security. Extra time burden can be reduced by periodically using the second step. This step can also be applied when suspicious conduct occurs. It is common practice to request an extra code once a month or once a quarter.

Authentication keys

It is also possible to request an authentication key. There are special USB keys, e.g. FIDO2, and WebAuth that are conditional to gain access to the software. This is a slightly different type of two-factor authentication that prevents phishing attacks, something which the previously mentioned implementations do not conduct. This type of authentication also supports passwordless authentication which is still one of the safest ways to protect the system, while being quick.

Time-Based One Time Password

Through Time Based One Time Passwords (TOTP) you can simplify the process to get access to accommodation. A manager who is connected to the central Authenticator Server through an app automatically obtains access tokens with a limited duration (e.g. for half-day) that are sent to the temporary employees’ mobile phones. With Smart Lock technology it is then possible to open the door via a mobile phone. Hence, the manager does not have to accompany the temporary employees on every occasion. Additionally, generic (nonpersonal) user accounts can be used by multiple temporary employees.

Through Time Based One Time Passwords (TOTP) you can simplify the process to get access to accommodation

Benefits of a modern authentication method

Centralized Management – Users, clients, and applications
LDAP/Active Directory – Connect to existing user directories
Standard Protocols – OpenID Connect, OAuth 2.0 and SAML 2.0
Single-Sign on – Login once to multiple applications
Security – Two Factor Authentication, FIDO2, and WebAuthn
Social login – Easily integrate with social logins like Google, Facebook, and Microsoft
Flexibility – Maxxton can build all connections that you can think of

Subscribe to our newsletter

Please subscribe to the Maxxton newsletter and stay connected with the latest news & insights.

Author

Robin Hermans | 19 May 2022

Robin has been working at Maxxton since 2015 as a Software Engineer. He specialises in topics such as authorisation, event system, and databases.

insights

AI for holiday parks, campsites and vacation rentals

01 October 2024 | Stefan Schoenmaker

Maxxton’s AI-driven dynamic pricing adjusts accommodation rates based on demand forecasting and pr

insights

Introducing Customer Deduplication with Machine Learning

11 January 2024 | Roelant de Looff

Our new Customer Deduplication using Machine Learning feature represents a significant advancement i

insights

Accommodation Allocation Through Priority Management

02 November 2023 | Ankita Saxena

You can prioritise which units of your accommodation types should be shown on top when guests are cr

insights

Hire and Retain Top Talent

12 July 2023 | Ruben de Looff

Maxxton has successfully created a high talent density within its workforce and continues to attract

insights

European holiday park trends in 4 graphs

06 March 2023 | Ruben de Looff

European holiday park trends in 4 graphs: digitalisation, customer experience, alternative accommoda

insights

6 paradoxes in price offering in the vacation rental industry

23 February 2023 | Nino Foudraine

We share six paradoxes in price offering in the vacation rental industry and share pragmatic and fut

We're here to help! Drop us a line, if you want to know more about Maxxton Software.

Get in contact

About Maxxton

Global provider of market-leading hospitality software-as-a-service for the large vacation & short-term rental industry. Get started with one single, hospitality industry software system for all your operational requirements. With a strong and proven global track record by serving the hospitality industry for over 25 years, the Maxxton Software system for bookings and business operations is one of its kind.

Maxxton

Solutions