If create custom authentication modules, assign them to the existing programs. In general, you do not need to change assignments of predefined authentication modules.
NOTE: Use non role-based authentication modules to log in to the Designer. Role-based authentication modules for logging in to the Designer are not supported.
To assign an authentication module to applications
-
In the Designer, select the Base data | Security settings | Authentication modules category.
-
Select View | Select table relations and enable the DialogProductHasAuthentifier table.
-
In List Editor, select the authentication module.
-
Assign the application in the Applications edit view.
-
Save the changes.
Related topics
To disable an authentication module for an application
-
In the Designer, select the Base data | Security settings | Programs category.
-
In List Editor, select the application and click on Usage overview.
-
In the Effective authenticators form element, select the authentication module.
-
Use the Edit object task to start the Object Editor.
-
In the Disabled property, set the value to True.
-
Save the changes.
To enable an authentication module for an application
-
In the Designer, select the Base data | Security settings | Programs category.
-
In List Editor, select the application and click on Usage overview.
-
In the Disabled authenticators form element, select the authentication module.
-
Use the Edit object task to start the Object Editor.
-
In the Disabled property, set the value to False.
-
Save the changes.
Related topics
The initial data is one part of the authentication string (parameter-value pair without module ID). Initial data from the authentication string is preallocated by default for each authentication instance.
The authentication string is formatted as follows:
Module=<name>;<property1>=<value1>;<property2>=<value2>,…
Example:
Module=DialogUser;User=<user name>;Password=<password>
To specify initial data
- In the Designer, select the Base data | Security settings | Authentication modules category.
- Select the authentication module and enter the data in Initial data.
Syntax:
property1=value1;property2=value2
Example
User=<user name>;Password=<password>
You can use different initial data depending on the authentication module.
Table 35: Initial data for authentication modules
|
System users |
DialogUser |
User |
User name. |
|
Password |
User password. |
|
Active Directory user account |
ADSAccount |
|
|
|
Active Directory user account (dynamic) |
DynamicADSAccount |
Product |
Use case. The system user is determined through the use case configuration data. |
|
Active Directory user account (manual input) |
DynamicManualADS |
Product |
Use case. The system user is determined through the use case configuration data. |
|
User |
User name. The user‘s identity is determined from a predefined list of permitted Active Directory domains. In the TargetSystem | ADS | AuthenticationDomains configuration parameter, enter the permitted Active Directory domains. |
|
Password |
User password. |
|
Active Directory user account (role-based) |
RoleBasedADSAccount |
|
No parameters required |
|
Active Directory user account (manual input/role-based) |
RoleBasedManualADS |
User |
User name. The user‘s identity is determined from a predefined list of permitted Active Directory domains. In the TargetSystem | ADS | AuthenticationDomains configuration parameter, enter the permitted Active Directory domains. |
|
Password |
User password. |
| Employee
|
Employee
|
User |
Employee's central user account. |
|
Password |
User password. |
|
Employee (dynamic) |
DynamicPerson |
Product |
Use case. The system user is determined through the use case configuration data. |
|
User |
User name. |
|
Password |
User password. |
|
Employee (role-based) |
RoleBasedPerson |
User |
User name. |
|
Password |
User password. |
|
HTTP header |
HTTPHeader |
Header |
HTTP Header to use. |
|
KeyColumn |
Comma delimited list of key columns in the Person table to be searched for user names.
Default: CentralAccount, PersonnelNumber |
|
HTTP header (role-based) |
RoleBasedHTTPHeader |
|
HTTP header to use. |
|
KeyColumn |
Comma delimited list of key columns in the Person table to be searched for user names.
Default: CentralAccount, PersonnelNumber |
|
LDAP user account (dynamic) |
DynamicLdap |
User |
User name.
Default: CN, DistinguishedName, UserID, UIDLDAP |
|
Password |
User password. |
|
LDAP user account (role-based)
|
RoleBasedLdap
|
User |
User name.
Default: CN, DistinguishedName, UserID, UIDLDAP |
|
Password |
User password. |
|
Generic single sign-on (role-based) |
RoleBasedGeneric |
SearchTable |
Table in which to search for the user name of the logged in user. This table must contain a FK named UID_Person that points to the Person table. |
|
SearchColumn |
Column from the SearchTable in which to search for the user name of the logged-in user. |
|
DisabledBy |
Pipe (|) delimited list of Boolean columns which block a user account from logging in. |
|
EnabledBy |
Pipe (|) delimited list of Boolean columns which release a user account for logging in. |
|
OAuth 2.0/OpenID Connect |
OAuth |
|
Dependent on the authentication method of the secure token service. |
| OAuth 2.0/OpenID Connect (role-based)
|
OAuthRoleBased
|
|
Dependent on the authentication method of the secure token service. |
|
Account based system user |
DialogUserAccountBased |
|
No parameters required |
|
User account |
QERAccount |
|
No parameters required |
|
User account (role-based) |
RoleBasedQERAccount |
|
No parameters required |
|
Password reset |
PasswordReset |
|
No parameters required |
|
Password reset (role-based) |
RoleBasedPasswordReset |
|
No parameters required |
Related topics
