When determining the user account for OAuth 2.0/OpenID Connect authentication, the system checks whether the user account is enabled or disabled. You define which columns can mark a user account as enabled or disabled.
Note:
- Only the columns of the table that you selected in the OAuth 2.0/OpenID Connect configuration of the identity provider in the Column to search are displayed.
- A column can be used either as an enabled column or as a disabled column.
- You can specify just enabled columns or just disabled columns, or a combination of enabled and disabled columns.
Example:
A search column references the ADSAccount table.
Case a) Only enabled Active Directory user accounts are allowed to log in.
- Select ADSAccount.AccountDisabled as the disabled column.
If the ADSAccount.AccountDisabled column of the user account is set, login is not permitted.
Case b) Only privileged Active Directory user accounts are allowed to log in.
- Select ADSAccount.IsPrivilegedAccount as the enabled column.
If the ADSAccount.IsPrivilegedAccount column of the user account is set, login is permitted.
Case c) Only enabled, privileged Active Directory user accounts are allowed to log in.
- Select ADSAccount.IsPrivilegedAccount as the enabled column and ADSAccount.AccountDisabled as the disabled column.
If the ADSAccount.IsPrivilegedAccount column of the user account is set and the ADSAccount.AccountDisabled column of the user account is not set, login is permitted.
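The three cases above, evaluated against constructed sample accounts. This is an added example that models the check in Python; it is not One Identity Manager code. The names ColumnConfig, login_permitted and decision_matrix are hypothetical, and the handling of several columns of one kind is an assumption, because the cases above use at most one of each.

```python
from dataclasses import dataclass, field

DISABLED = "ADSAccount.AccountDisabled"
PRIVILEGED = "ADSAccount.IsPrivilegedAccount"

@dataclass
class ColumnConfig:
    enabled_columns: list = field(default_factory=list)
    disabled_columns: list = field(default_factory=list)

    def validate(self):
        # A column can be used as an enabled or a disabled column, not both.
        overlap = set(self.enabled_columns) & set(self.disabled_columns)
        if overlap:
            raise ValueError(f"used as enabled and disabled: {sorted(overlap)}")

def login_permitted(account, config):
    """Model of the check; account[col] raises KeyError for a missing column."""
    config.validate()
    # Assumption: any disabled column that is set blocks the login.
    if any(account[col] for col in config.disabled_columns):
        return False
    # Assumption: every configured enabled column must be set.
    return all(account[col] for col in config.enabled_columns)

# Constructed sample accounts (not real data).
ACCOUNTS = {
    "enabled_privileged": {DISABLED: False, PRIVILEGED: True},
    "enabled_standard": {DISABLED: False, PRIVILEGED: False},
    "disabled_privileged": {DISABLED: True, PRIVILEGED: True},
}

# The three configurations from cases a), b) and c).
CASES = {
    "a": ColumnConfig(disabled_columns=[DISABLED]),
    "b": ColumnConfig(enabled_columns=[PRIVILEGED]),
    "c": ColumnConfig(enabled_columns=[PRIVILEGED], disabled_columns=[DISABLED]),
}

def decision_matrix():
    """Return {case: {account name: login permitted?}} for every combination."""
    return {case: {name: login_permitted(acct, cfg) for name, acct in ACCOUNTS.items()}
            for case, cfg in CASES.items()}

if __name__ == "__main__":
    for case, row in decision_matrix().items():
        print(case, row)
```

In this model, case b) still permits the disabled, privileged account, because no disabled column is configured; only case c) rejects it.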
To define which columns can enable a user account for login
- In the Designer, select the Base data > Security settings > OAuth 2.0/OpenID Connect configuration category.
- In the List Editor, select the configuration.
- In the edit view, select the Columns for enabling tab.
- In the Add assignment view, assign the columns that enable the user account for login.
- Select Database > Save to database and click Save.
To define which columns can disable a user account for login
- In the Designer, select the Base data > Security settings > OAuth 2.0/OpenID Connect configuration category.
- In the List Editor, select the configuration.
- In the edit view, select the Columns for disabling tab.
- In the Add assignment view, assign the columns that disable the user account for login.
- Select Database > Save to database and click Save.