Configure Login, Authentication, and Inactivity Settings for the CSM Portal and CSM Browser Client
By default, the CSM Web Applications (Browser Client and CSM Portal) use the same login mode and authentication settings as those configured for the Desktop Client; however, users can define different settings if needed.
To configure login, authentication, and inactivity settings for the Browser Client and CSM Portall:
- In CSM Administrator, select .
- Select Browser Client or Browser Portal.
- Clear the Use Same Settings as Desktop Client checkbox.
- In the
Supported login modes section, select the login
modes that you want to support:
Users can enable multiple login modes so if one authentication fails or the user/customer cancels the process, the next configured login method is invoked (SAML, then external authentication server, then LDAP, then Windows, then Internal). Not all of these options will appear in the system if they have not been configured.
When you use a secure login configuration (SAML, LDAP, or Windows), we strongly recommend that you activate the RedirectHttpToHttps flag in the CSM Portal and Browser Client for better security. The flag forces requests sent over HTTP protocol to use HTTPS instead.
- Internal: Allows
CSM authentication.
CSM authenticates the
CSM Login ID and Password defined in the
CSM Administrator User Profile ( ) or Customer Credentials ( ).
To use internal login credentials on a default domain, users must type CHERWELL\ in front of the user name (example: CHERWELL\Bob) to be able to log in.
- LDAP: Allows Directory Service authentication. CSM authenticates login credentials using a Directory Service such as LDAP or Active Directory. Depending on configuration, user/customer data can be imported based on LDAP data.
- SAML: Allows Security Assertion Markup Language (SAML) authentication.
- Windows: Allows Windows Authentication. CSM authenticates the Windows login credentials if set in the CSM Administrator User Profile ( ) or Customer Credentials ( ).
- Internal: Allows
CSM authentication.
CSM authenticates the
CSM Login ID and Password defined in the
CSM Administrator User Profile ( ) or Customer Credentials ( ).
- Configure general login options:
- Validate Windows/LDAP credentials on server: If you clear this
checkbox, Windows credentials are validated on the client, which is not as
secure unless you have full control of your network. If you select the
checkbox, the system cannot automatically log in the user/customer without
asking, (the user will have to type their credentials) but it is much more
secure. For this feature to work, the server must have access to the Windows
Domain or LDAP server.
For best results, configure your server to use encrypted communication before enabling this feature so that credentials are not passed to the server in a potentially sniffable format.
- Allow logging of authentication code (for troubleshooting): Select this checkbox to enable logging of authentication calls to troubleshoot configuration (example: When configuring LDAP setup). Then, use the Server Manager to enable logging in the CSM Portal and Browser Client.
- Validate Windows/LDAP credentials on server: If you clear this
checkbox, Windows credentials are validated on the client, which is not as
secure unless you have full control of your network. If you select the
checkbox, the system cannot automatically log in the user/customer without
asking, (the user will have to type their credentials) but it is much more
secure. For this feature to work, the server must have access to the Windows
Domain or LDAP server.
- Select OK.