Configure sign in settings

In this tutorial you will learn how to customize the Common sign in page for Adaxes web interface, configure logon options (SAML-based single sign-on, integrated Windows authentication), modify brute force protection settings and other settings related to sign-in.

What is Common sign in

Adaxes web interface provides a common sign-in page that enables users to log in to different web interfaces from a single place. The feature can be configured to automatically redirect users to a specific web interface based on your rules, or allow users to select the web interface where they want to sign in.

By default, the Common sign in page allows users to select the web interface where they want to sign in. You can configure which web interfaces are available for selection and specify which interface will be selected by default.

You can also configure automatic web interface selection. Users will be unable to select a web interface and will instead be automatically redirected based on if/else rules. For example, if a user is a member of the Administrators group redirect them to the Administrator web interface.

 How to configure web interface selection

  • Open Adaxes web interface configurator.

  • In the drop-down list located in the top left corner, click Common sign in.

  • Configure the settings in the Web interface selection section.

  • Save the changes.

Disable Common sign in

If you will give your users direct links to specific web interface configurations, it might make sense to disable Common sign in.

 How to disable Common sign in

  • Open Adaxes web interface configurator.

  • In the drop-down list located in the top left corner, click Configure.

  • In the dialog that opens, clear the checkbox for Common sign in.

  • Click Done.

Sign-in settings

In this part of the tutorial you will learn how to configure the sign-in settings and restrictions:

  • Enable two-factor authentication.

  • Enable automatic logon or SAML-based single sign-on.

  • Customize brute force protection settings.

  • Allow users to sign in without specifying the domain part of the username. Example: jsmith instead of jsmith@example.com.

  • Allow users to sign in with another property instead of the username. For example, email address or employee ID.

  • Add custom HTML to the Sign In page.

  1. Open Adaxes web interface configurator.

     How

    • On the computer where web interface configurator is installed, open Windows Start menu.

    • Click Adaxes Web Interface Configurator.

    To configure the web interface, you need to have the appropriate permissions.

     Permissions

    The permissions to configure the web interface are delegated via security roles. By default, only service administrators have the appropriate permissions. To enable other users to configure the web interface, grant them the corresponding permissions.

    To create a security role that grants the permissions to configure web interface:

    • In Adaxes administration console, right-click your Adaxes service, point to New and click Security Role.

    • Enter a name for the new security role and click Next.

    • On the Permissions step, click the down arrow embedded into the Add button and click Configure Web Interface.

    • Click Next and follow the steps in the wizard.

  2. In the top left corner, select the web interface you want to customize.

    By default, all web interfaces use the Sign In settings of the Common sign in page. If you want a particular web interface to have different settings, select it in the list. Otherwise, select Common sign in.

  3. In the left navigation menu, click Sign in.

  4. To enable two-factor authentication:

    • Select Username/password authentication.

    • Select Enable two-factor authentication.

    • Select the authenticator app you want to use.

    After two-factor authentication is enabled, users will need to install the app on their device and activate it during the first sign in to the web interface. During subsequent sign ins, they will be prompted to enter a code generated by the app.

     View how it works {id=how2faworks}

    If a user loses their mobile device or gets a new one, they will need to re-activate the authenticator app on the new device. For details on how to do it, see Reset authenticator app.

  5. To enable single sign-on for the web interface you can use either Integrated Windows authentication or SAML authentication.

    Auto-logon (Integrated Windows authentication)

    Auto-logon means users won't have to enter their username and password to sign in. The web interface will use Kerberos/NTLM for authentication – all users will be signed in with the same account they used to log in to Windows.

    Single sign-on (SSO) using SAML

    SAML-based SSO enables the web interface to send requests to an external identity provider (Okta, Duo, etc.) to authenticate users. If a user is already authenticated against the provider, they will be automatically signed in to the web interface without further authentication. For details on how to configure SAML authentication, see Enable SAML-based single sign-on.

  6. To enable protection against brute force attacks, enable Brute force protection.

    For more details on how to configure brute force protection, see Prevent brute force attacks.

  7. In the Username section, you can configure settings related to the Username field.

  8. In the Page customization section, you can customize the top and bottom parts of the Sign In page.

  9. Save the changes.

© Softerra 2022. All rights reserved.
Contact us