Configure Login, Authentication, and Inactivity Settings for the CSM Portal and CSM Browser Client

By default, the CSM Web Applications (Browser Client and CSM Portal) use the same login mode and authentication settings as those configured for the Desktop Client; however, users can define different settings if needed.

To configure login, authentication, and inactivity settings for the Browser Client and CSM Portal:

  1. In CSM Administrator, select Security > Edit security settings.
  2. Select Browser Client or Browser Portal.
  3. Clear the Use Same Settings as Desktop Client checkbox.
  4. In the Supported login modes section, select the login modes that you want to support:

    Users can enable multiple login modes so that, if one authentication attempt fails or the user/customer cancels the process, the next configured login method is invoked, in this order: SAML, then external authentication server, then LDAP, then Windows, then Internal. Options that have not been configured do not appear in the system.
    When you use a secure login configuration (SAML, LDAP, or Windows), we strongly recommend that you activate the RedirectHttpToHttps flag in the CSM Portal and Browser Client for better security. The flag forces requests sent over HTTP to use HTTPS instead.

    • Internal: Allows CSM authentication. CSM authenticates the CSM Login ID and Password defined in the CSM Administrator User Profile (Security > Edit Users) or Customer Credentials (Customer > Portal Settings).

      To use internal login credentials on a default domain, users must type CHERWELL\ in front of the user name (example: CHERWELL\Bob) to be able to log in.

    • LDAP: Allows Directory Service authentication. CSM authenticates login credentials using a Directory Service such as LDAP or Active Directory. Depending on configuration, user/customer data can be imported based on LDAP data.
    • SAML: Allows Security Assertion Markup Language (SAML) authentication.
    • Windows: Allows Windows Authentication. CSM authenticates the Windows login credentials if set in the CSM Administrator User Profile (Security > Edit Users) or Customer Credentials (Customer > Portal Settings).
  5. Configure general login options:
    1. Validate Windows/LDAP credentials on server: If you clear this checkbox, Windows credentials are validated on the client, which is not as secure unless you have full control of your network. If you select the checkbox, the system cannot automatically log in the user/customer without asking (the user will have to type their credentials), but it is much more secure. For this feature to work, the server must have access to the Windows Domain or LDAP server.

      For best results, configure your server to use encrypted communication before enabling this feature so that credentials are not passed to the server in a potentially sniffable format.

    2. Allow logging of authentication code (for troubleshooting): Select this checkbox to enable logging of authentication calls to troubleshoot configuration (example: when configuring LDAP setup). Then, use the Server Manager to enable logging in the CSM Portal and Browser Client.
  6. Select OK.
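
One way to confirm that the RedirectHttpToHttps flag recommended in step 4 is taking effect is to send a plain HTTP request and inspect the response. The following is an added example, not part of the CSM product or its documentation; the host name and paths are placeholders, and it assumes a correct redirect stays on the same host.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def assess_redirect(host, status, location):
    """Judge the answer to a plain http:// request sent to `host`.

    Returns (ok, reason). Assumption of this example: a correct redirect
    stays on the same host and switches the scheme to https.
    """
    if status not in REDIRECT_CODES:
        return False, f"status {status}: answered over HTTP without redirecting"
    if not location:
        return False, "redirect without a Location header"
    target = urlsplit(location)
    if target.scheme.lower() != "https":
        # Covers http:// targets and relative targets, which stay on HTTP.
        return False, f"redirect target is not HTTPS: {location}"
    if (target.hostname or "").lower() != host.lower():
        return False, f"redirect goes to another host: {target.hostname}"
    return True, f"{status} -> {location}"


def probe(host, path="/", timeout=5):
    """Send one GET over plain HTTP (redirects are not followed) and assess it."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return assess_redirect(host, resp.status, resp.getheader("Location"))
    finally:
        conn.close()


# Constructed sample responses (host and paths are placeholders).
SAMPLES = [
    ("portal.example.com", 301, "https://portal.example.com/portal/"),
    ("portal.example.com", 200, None),
    ("portal.example.com", 302, "http://portal.example.com/portal/login"),
    ("portal.example.com", 302, "/portal/login"),
]

if __name__ == "__main__":
    for host, status, location in SAMPLES:
        print(host, status, location, "=>", assess_redirect(host, status, location))
```

Call `probe()` with your own server's host name and the path of the CSM Portal or Browser Client; a result of `False` means the login page is still reachable over HTTP.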