In this tutorial you will learn how to customize the Common Sign In page for Adaxes Web Interface, configure logon options (SAML-based single sign-on, integrated Windows authentication), modify brute force protection settings, and other options related to sign-in.
Adaxes Web Interface provides a common sign-in page that enables users to log in to different Web Interfaces from a single place. The feature can be configured to either allow users to manually select the Web Interface they want to use, or automatically redirect them to a Web Interface based on the rules you define.
By default, the Common Sign In page allows users to select themselves the Web Interface they want to log in to. You can configure which Web Interfaces are available for selection and specify the Web Interface to select default.
Alternatively you can enable automatic selection of Web Interfaces. When enabled, users cannot select a Web Interface, and get automatically redirected based on if/else rules. For example, if a user is a member of the Administrators group, they can be automatically redirected to the Web Interface for Administrators.
If you don't want the Common Sign In page to be available to users, you can disable the Common Sign In feature.
In this part of the tutorial you will learn how to:
To configure options related to the Sign-In page of the Web Interface:
Open Adaxes Web Interface Configurator.
The permissions to configure the Web Interface are delegated via Security Roles. By default, only Service Administrators have the appropriate rights. To enable other users to configure the Web Interface, grant them the corresponding permissions.
In the top left corner, select the Web Interface you want to customize.
By default, all Web Interfaces use the Sign In settings of the Common Sign In page. If you want a particular Web Interface to have different settings, select it in the list. Otherwise, select Common Sign In.
In the left navigation menu, click Sign In.
To enable two-factor authentication:
After two-factor authentication is enabled, users will need to install the app on their device and activate it upon the first login to the Web Interface. During subsequent logins, they will be prompted to enter a code generated by the app to sign in.
If a user loses their mobile device or gets a new one, they will need to re-activate the authenticator app on the new device. For details on how to do it, see Reset authenticator app.
To enable single sign-on for the Web Interface you can use either Integrated Windows Authentication or SAML authentication.
Auto-login (Integrated Windows authentication)
If automatic logon is enabled, users will not need to enter their username and password to sign in, and the Web Interface will use Kerberos/NTLM for authentication. It means that all users will be signed in using the same account used to log in to Windows.
Single sign-on (SSO) using SAML
If SAML authentication is enabled, the Web Interface will send a request to an external identity provider (Okta, OneLogin, Azure AD, etc.) to authenticate the user. If a user is already authenticated against the provider, they will be automatically logged in to the Web Interface without any authentication process. For details on how to configure SAML authentication settings, see Enable SAML-Based Single Sign-On.
To enable protection against brute force attacks, select the Brute Force Protection option.
For details on how to configure brute force protection, see Prevent Brute Force Attacks.
In the Username section, configure settings related to the Username field.
In the Page Customization section, you can customize the top and bottom parts of the Sign In page.
Save the changes.