open authorizaton and mendix login

Hi all, We’re using open authorization for authentication and single-singnon. The login.html redirects to the identity provider, but we have a login3.html which makes it still able to login as MxAdmin. How can restrict access to this login3.html ? For instance : login with MxAdmin only from certain IP addresses But also we want to avoid that a hacker tries to use this login page to enter the application with one of the existing users in the application. Is there a way to make sure that the password that has to be set in Mendix when the account is automatically created through the open authorization login flow can’t be used?
2 answers

I’d make sure the password is a randomly generated long string, so that guessing the password is difficult enough.


yep, there is: