Configure Login, Authentication, and Inactivity Settings for Each Client

Configure login, authentication, and inactivity settings for the CSM Desktop Client, CSM Browser Client, and CSM Portal.

By default, the Browser Client and CSM Portal use the same settings as the Desktop Client. To specify unique settings for the Browser Client and CSM Portal, clear the Use Same Settings as Desktop Client check box on their respective pages, and then define the unique settings.

To configure login, authentication, and inactivity settings:

  1. In the CSM Administrator main window, select Security > Edit Security Settings.
    The Security Settings window opens.
  2. Select the Desktop Client page.
  3. In the Supported login modes area, select the login modes that you want to allow.

    You can enable multiple login modes so that if one authentication fails, or the user or customer cancels the process, the next configured login method is invoked (SAML, then external authentication server, then LDAP, then Windows, then Internal). Login modes that have not been configured might not be available in your system.

  4. Select general login option check boxes as applicable:
    • Display last logged-in User on Login page (Desktop Client only). If enabled, the user ID is stored in the registry on the user’s computer, which might be considered a security risk.
    • Allow Users to have system remember last password (auto-login) (Desktop Client only). If enabled, the password is stored in an encrypted format in the registry on the user’s computer, which might be considered a security risk.
    • Validate Windows/LDAP credentials on server. We recommend that you configure your server to use encrypted communication before enabling this feature so that credentials are not passed to the server in a potentially sniffable format.
    • Allow logging of authentication code (for troubleshooting). To assist with troubleshooting and debugging, select this option to write authentication-related messages to your log file. Log messages begin with the prefix AuthLog.

      To display authentication messages, enable logging in the Cherwell Server Manager and set the level to Info, Stats, or Debug.

  5. In the Default domain for login field, provide a default domain to use when users log in.
  6. Select Validate credentials via external authentication server.
  7. Select Require user to enter credentials to require users and customers to provide their credentials each time they log in.

    If this option is not selected, and users and customers are on the same domain as the Cherwell Authentication Server, then the user or customer's current Windows credentials are used to determine the person's identity. Otherwise, users and customers must provide their Windows domain/user ID and password on the login window.

  8. In the Authentication server URI field, provide the URI (location) of the external authentication server.

    Both client applications and the Cherwell Application Server must have access to this URI.

  9. In the Select Logout Inactive Users from Cherwell Client area (Desktop Client only):
    • Specify the minutes to wait before logging out an inactive user.
    • Select the warning period to warn users before they are automatically logged out, and specify how many minutes before the logout to send the warning. From the warning, users can choose to stay logged in or log out.
  10. Select OK.
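
The following pre-flight check for the Authentication server URI in step 8 is an added example, not part of the CSM product or its documentation. It assumes the external authentication server should be reached over HTTPS, extending the encrypted-communication recommendation above to that URI, and the host auth.example.com is a constructed placeholder.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

def check_uri(uri):
    """Offline checks on the URI text. Returns a list of findings (empty = none)."""
    findings = []
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() != "https":
        findings.append("scheme %r is not https: credentials could be sniffed" % parts.scheme)
    if not parts.hostname:
        findings.append("URI has no host")
    if parts.username or parts.password:
        findings.append("URI embeds credentials")
    try:
        parts.port  # reading .port raises ValueError for a malformed port
    except ValueError:
        findings.append("URI has an invalid port")
    return findings

def probe_tls(uri, timeout=5.0):
    """Online check: TCP connect, then a TLS handshake that validates the
    certificate chain and host name. Returns (ok, detail)."""
    parts = urlsplit(uri.strip())
    host, port = parts.hostname, parts.port or 443
    ctx = ssl.create_default_context()  # system trust store, host name check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, "%s, certificate valid until %s" % (tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: %s" % exc.verify_message
    except OSError as exc:  # DNS failure, refused, timeout, other TLS errors
        return False, "unreachable or handshake failed: %s" % exc

def preflight(uri, online=True):
    """Run the offline checks, then the TLS probe only if the URI text is clean."""
    findings = check_uri(uri)
    if not findings and online:
        ok, detail = probe_tls(uri)
        if not ok:
            findings.append(detail)
    return findings

if __name__ == "__main__":
    # Constructed placeholder; pass the real URI as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://auth.example.com/"
    problems = preflight(target)
    print("\n".join(problems) if problems else "OK: " + target)
```

Run it from a client machine and from the Cherwell Application Server, because both must be able to reach the URI.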