Configure login, authentication, and inactivity settings for the
CSM Desktop Client,
CSM Browser Client,
and
CSM Portal.
By default, the
Browser Client
and
CSM Portal use
the same settings as the
Desktop Client. To specify unique settings for the
Browser Client
and
CSM Portal,
clear the
Use Same Settings as Desktop Client check box on
their respective pages, and then define the unique settings.
To configure login, authentication, and
inactivity settings:
- In the
CSM Administrator main window, select
.
The
Security Settings window opens.
- Select the
Desktop Client page.
- In the
Supported login modes area, select the login
modes that you want to allow.
Note: You can enable multiple login modes so that if one
authentication fails or the user or customer cancels the process, the next
configured login method is invoked (SAML, then external authentication server,
then LDAP, then Windows, then Internal). Not all of these options will
necessarily be in your system if they have not been configured.
- Select general login option check boxes as applicable:
- Display last logged-in User on Login
page (Desktop Client only). If enabled, the user ID is stored in the registry on the
user’s computer, which might be considered a security risk.
- Allow Users to have system remember last password
(auto-login) (Desktop Client only). If enabled, the password is stored in an encrypted format in
the registry on the user’s computer, which might be considered a security risk.
- Validate Windows/LDAP credentials on
server. We recommend that you configure your server to use
encrypted communication before enabling this feature so that credentials are
not passed to the server in a potentially sniffable format.
- Allow logging of authentication code (for
troubleshooting). To assist with troubleshooting and debugging,
select this option to write authentication-related messages to your log file.
Log messages begin with the prefix
AuthLog.
Note: To display authentication messages, enable logging in the
Cherwell Server
Manager
and set the level to Info, Stats, or Debug.
- In the
Default domain for login field, provide a
default domain to use when users log in.
- Select
Validate credentials via external authentication
server.
- Select
Require user to enter credentials to require
users and customers to provide their credentials each time they log in.
Note: If this option is not selected, and users and customers are on
the same domain as the
Cherwell Authentication Server, then the user or customer's current Windows
credentials are used to determine the person's identity. Otherwise, users and
customers must provide their Windows domain/user ID and password on the login
window.
- In the
Authentication server URI field, provide the
URI (location) of the external authentication server.
Note: Both client applications and the
Cherwell Application
Server
must have access to this URL.
- In the
Select Logout Inactive Users from Cherwell
Client area (Desktop Client only):
- Specify the minutes to wait before logging out an inactive
user.
- Select the warning period to warn users before they are
automatically logged out and specify the minutes before the logout to send a
warning where users can select stay logged in or log out.
- Select
OK.