[{"data":1,"prerenderedAt":214},["ShallowReactive",2],{"guide:zh:admin/authentication":3},{"id":4,"title":5,"body":6,"description":206,"extension":207,"meta":208,"navigation":209,"path":210,"seo":211,"stem":212,"__hash__":213},"guide_zh/zh/user/admin/authentication.md","身份验证设置",{"type":7,"value":8,"toc":199},"minimark",[9,13,22,25,29,36,43,46,113,116,127,130,136,186,192],[10,11,12],"h1",{"id":12},"身份验证",[14,15,16,17,21],"p",{},"身份验证用于确认用户能否访问应用程序，但并不决定其可查看或修改的内容（参见 ",[18,19,20],"code",{},"./authorization","）。",[14,23,24],{},"身份验证在允许访问 Aptli 之前验证您的身份。您使用电子邮件和密码登录，系统维护安全会话。",[26,27,28],"h2",{"id":28},"自定义管理员设置",[14,30,31,32,35],{},"修改任何这些设置都需要用户配置文件中拥有\"AppSettingSchemasModify\"权限。该权限默认授予超级管理员，但也可由其他管理员共享。要查看用户拥有的管理权限，请在用户页面（",[18,33,34],{},"http://[您的主机]/admin/users","）查看其配置文件中的\"管理权限\"部分。",[14,37,38],{},[39,40,42],"a",{"href":41},"./admin-rights.png","检查管理员权限",[14,44,45],{},"以下内容可进行自定义以覆盖默认设置：",[47,48,49,68,74,84,90,96,102],"ul",{},[50,51,52,56,57,60,61,67],"li",{},[53,54,55],"strong",{},"允许的域名"," — 可访问应用程序的域名列表。当用户尝试注册 ",[18,58,59],{},"/auth/signup"," 时，仅允许来自此列表的域名请求。（默认：",[62,63,64],"span",{},[18,65,66],{},"您的主机","）",[50,69,70,73],{},[53,71,72],{},"允许注册"," — 允许受限域用户创建未注册账户，并自动接收注册邮件，无需管理员审批请求。（默认：false）",[50,75,76,79,80,83],{},[53,77,78],{},"最大登录尝试次数"," — 账户被设置为\"强制锁定\"前的失败登录尝试次数。账户强制锁定后需由具备 ",[18,81,82],{},"usersUpdate"," 管理权限者解锁。（默认：5 次）",[50,85,86,89],{},[53,87,88],{},"自动注销时间"," — 会话在无交互状态下的持续时长（秒）。在线读写数据将重置此倒计时。（默认：1 天）",[50,91,92,95],{},[53,93,94],{},"服务器会话超时"," — 服务器端强制关闭会话的时间，不受自动注销时间限制（单位：分钟）。过期后用户需重新登录。（默认：1 周）",[50,97,98,101],{},[53,99,100],{},"会话过期时间"," — 应用程序端自动关闭会话的时间，不受自动注销时间限制。通常与 CSRF 令牌同步；若用户仅使用单一设备则保持一致，但多设备登录时间存在显著差异时可能产生不同结果。（默认：1 周）",[50,103,104,107,108,112],{},[53,105,106],{},"有效登录方式"," — 启用 SSO 选项或禁用用户名/密码选项。至少需选择一种方式；SSO 替代方案的配置需联系 Aptli 开发人员处理（",[39,109,111],{"href":110},"mailto:contact@aptli.io","contact@aptli.io","）。（默认：用户名/密码）",[26,114,115],{"id":115},"强制注销",[14,117,118,119,122,123],{},"在管理页面 ",[18,120,121],{},"/admin/users"," 中，可通过每个用户的操作菜单强制锁定并注销用户：",[39,124,126],{"href":125},"./authentication/force-logout.png","用户操作",[26,128,129],{"id":129},"登录故障排除",[14,131,132,133,135],{},"若用户登录时遇到问题，请先通过管理后台的用户链接查看其个人资料，或直接访问 ",[18,134,121],{}," 页面。登录问题通常由以下几种情况引起：",[47,137,138,157,171,177],{},[50,139,140,143,144,147,148,152,153,156],{},[53,141,142],{},"已删除账户。"," 若通过滚动页面或左上角按邮箱大小写筛选仍无法找到用户账户，则该账户可能已被删除。若您的权限包含 ",[18,145,146],{},"viewDeleted"," 访问权限，右上角将显示",[39,149,151],{"href":150},"./authentication/see-deleted.png","查看已删除","按钮。点击该按钮并刷新页面即可查看已删除账户。若您拥有 ",[18,154,155],{},"usersCreate"," 管理权限，可通过用户资料页的操作按钮恢复该账户。",[50,158,159,162,163,167,168,170],{},[53,160,161],{},"强制锁定。"," 用户若多次输入错误密码将被强制锁定，或可手动设置此状态以阻止其继续访问。请查找",[39,164,166],{"href":165},"./authentication/hard-lock.png","强制锁定","标识。若您拥有 ",[18,169,82],{}," 管理权限，可解锁其账户。",[50,172,173,176],{},[53,174,175],{},"用户邮箱未验证。"," 用户邮箱验证字段应显示完成验证的日期。系统会向用户发送含 10 分钟有效令牌的激活链接，若未完成验证则无法通过任何方式登录（包括 SSO）。",[50,178,179,182,183,185],{},[53,180,181],{},"域名无效。"," 如应用设置所述，来自未识别域名的用户无法添加。若域名发生细微变更，系统可能产生轻微差异，但管理员可通过右上角菜单使用 ",[18,184,155],{}," 权限手动添加\"外部\"地址。",[14,187,188,189],{},"如需修改账户信息，请通过上传更改按钮提交（图标为带向上箭头的云朵）。用户资料的修改将立即生效。",[39,190,191],{"href":150},"查看已删除记录",[14,193,194,195,198],{},"如有其他疑问，请发送邮件至 ",[18,196,197],{},"support@aptli.io"," 获取解答。",{"title":200,"searchDepth":201,"depth":201,"links":202},"",2,[203,204,205],{"id":28,"depth":201,"text":28},{"id":115,"depth":201,"text":115},{"id":129,"depth":201,"text":129},"配置登录方式、会话超时、允许域名和 SSO 选项。排查账户锁定和登录失败问题。","md",{},true,"/zh/user/admin/authentication",{"title":5,"description":206},"zh/user/admin/authentication","M9SM3sFCCxNl5sLBC_9wm9nXFaEv8b0-HorI0jqL30U",1780539281735]