# Accessing the Backoffice {% hint style="info" %} *Path: Back office* {% endhint %} {% hint style="danger" %} Never share your login information. Users can each have individual credentials. {% endhint %} * [URL to access the Backoffice PRODUCTION ENV.](#id-1.16.x-accessingthebackoffice-urltoaccessthebackofficeproductionenv.green) * [Initial user & subsequent users PRODUCTION ENV.](#id-1.16.x-accessingthebackoffice-initialuser-and-subsequentusersproductionenv.green) * [Back office login page](#id-1.16.x-accessingthebackoffice-backofficeloginpage) * [Two-factor authentication](#id-1.16.x-accessingthebackoffice-two-factorauthentication) * [Remove Back office access](#id-1.16.x-accessingthebackoffice-removebackofficeaccess) * [Related resources](#id-1.16.x-accessingthebackoffice-relatedresources) WHO CAN USE THIS FEATURE? Operators who possess an active account and appropriate credentials are granted access to all or specific back-office functionalities. Vendors and customers are not authorized to access the back office. ## URL to access the Backoffice PRODUCTION ENV. Upon the creation of your Operator account, an official notification email will be dispatched to you. This email will include essential details such as the Back-office URL, providing you with access to the platform. For enhanced security measures, SCND employs a dynamically generated URL for accessing the back office (e.g., yourdomain.com/randomlygeneratedstring). This URL is established during the initial setup of the platform by configuring the "second\_admin\_alias" parameter. Subsequently, administrators can modify this string via the "Parameters" interface within the Backoffice: [Parameters](broken://pages/POXTmOJPnU7KkxV45MPz) {% hint style="warning" %} Changing the URL access string affects all users. You will have to share the new URL with them, without which they will no longer be able to access the back office. {% endhint %} ## Initial user & subsequent users PRODUCTION ENV. ### Initial user (super-administrator) Upon the initiation of the platform, the inaugural user is endowed with the utmost level of permissions, assuming the role of super-administrator by default. This designation is established during the initial setup process. Detailed instructions for configuring the initial user account can be found in the technical documentation. ### Inviting other users (operators) After the initial setup, access to the back office is granted solely to the Super-administrator. Acting as the primary account holder, the Super-administrator assumes the responsibility of [configuring user roles](/v2.0/superadmin/access-rights/roles-management.md) and extending[ invitations to additional operators](/v2.0/superadmin/access-rights/administrators-management.md) for collaboration within the back office environment. *** ## Backoffice login page {% hint style="danger" %} **Spoofing alert:** always confirm that the URL you’re viewing corresponds to the URL of your Backoffice login page before entering your credentials. {% endhint %} When accessing the Back office, a login form is displayed:

As a user, you'll find an account creation notification in your email inbox, corresponding to the email address associated with your Back office account. This notification serves as a confirmation of your recent account setup. When you first log in, you will be prompted to create your own password. This password will be set by you and will be used for future logins. ### Recovering a lost password To recover your password, click on the “*Forgot your password ?” (figure 2)* link beneath the login form:

Enter your email address to receive an email containing a link to reset your password:

{% hint style="success" %} Do not forget to check your spam if you do not see the email in your main inbox. {% endhint %} {% hint style="warning" %} The number of password requests is limited. The rate limit can be viewed and changed through the [“Configurations”](/v2.0/superadmin/configurations/features.md) interface. {% endhint %} Password policy: for security purposes a strong password policy is enforced. Password requirements: {% hint style="info" %} * Minimum password length: 10 characters * Contain at least: * 1 uppercase character (A-Z) * 1 lower case character (A-Z) * 1 digit (0-9) * 1 special character * New password must be different from the previous one * User should not user the first part of his email address Password strength policy can be adjusted through the [**“Configurations”**](/v2.0/superadmin/configurations/features.md) interface. {% endhint %} ## Two-factor authentication Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods (also referred to as authentication factors) to verify your identity. {% hint style="warning" %} We highly recommend that all Backoffice users activate 2FA authentication {% endhint %} ### Activating 2FA for your account {% hint style="info" %} You will need to install an [**Authenticator App**](https://www.pcmag.com/picks/the-best-authenticator-apps) on your smartphone to follow this procedure (ex. Google Authenticator). {% endhint %} To set up the 2FA for your account, log in into the back office and click on the avatar menu. You will see in the menu the “Two-factor authentication” (figure 4 ).

Scan the QR-code with your [Authenticator App ](https://www.pcmag.com/picks/the-best-authenticator-apps)(not just a QR code scanner), this will generate a 6-digits code which will be displayed on your device. Enter the code in the “6-digit code” field and click “Add” (figure 5) to enable the two-factor authentication for your account:

### Logging in with 2FA Once the 2FA is configured you will have 2 steps to login into the back office. 1. Enter your credentials 2. Fill in the 2FA 6-digit code generated to be able to login into the back office (figure 6).

### Disabling 2FA authentication You can remove the 2FA authentication on the back office by clicking on the “remove” button (figure 11), in the Two-factor authentication menu.

## Remove Backoffice access Please view the Administrator Management page to see how to delete an account. ## Related resources **SBO:** * [Platform KPI - Homepage](/v2.0/superadmin/platform-kpi-homepage.md) * [Administrators management](/v2.0/superadmin/access-rights/administrators-management.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://features.scnd.com/v2.0/superadmin/accessing-the-backoffice.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.