Authentication

Authentication is a global server configuration property that controls the user authentication and authorization process.

External Authentication

Key name in the configuration file: externalAuthentication

Value type: String

Possible values: Disabled (other values depend on active plugins)

Default value: Disabled

Controls external authentication of Iotellect Server users, such as authentication via LDAP / Microsoft Active Directory.

External Registration URL

Key name in the configuration file: externalRegisterLink

Value type: String

Possible values: Any valid URL

Default value: ""

URL to which a user is redirected for external registration from the web UI. This setting allows users to register in a third-party system and then use external authentication to access Iotellect Server.

Multi-Factor Authentication

Key name in the configuration file: multiFactorAuthenticationAction

Value type: String

Possible values: Context path to a workflow that returns a boolean value

Default value: ""

Allows a custom authentication workflow to be specified for all users. If a workflow is indicated, it is launched upon every login attempt and dictates whether a user is granted access. The specified workflow must return a boolean-like value (True, 1) for successful authentication. Any other return value, or a failure to execute the workflow, will deny access.

Important Considerations:

  • Global Effect: The authentication workflow will be launched for all users.

  • Anonymous Permissions: The authentication workflow must have "Operator" permissions granted via Anonymous Permissions. This should be configured before activating MFA.

  • Lockout Risk: Incorrectly configuring the authentication workflow (for example, using an authentication workflow that returns a non-boolean value, or has insufficient anonymous permissions) will lock all users out of the system, including administrators.

  • Safe Mode Bypass: In the event of a lockout, Multi-Factor Authentication can be disabled by restarting the server in safe mode.

User Connection Mode

Key name in the configuration file: userConnectionMode

Value type: Integer

Possible values: 0 for Allow Concurrent Connections, 1 for Disconnect Last and 2 for Restrict Concurrent Connections

Default value: 0

Defines different user connection policies.

  • Allow Concurrent Connections mode lets the same user log into the system multiple times.

  • When Disconnect Last mode is enabled, every new connection to the server terminates the old session of the same user.

  • Restrict Concurrent Connections mode makes it impossible to log into the system as a user that is already connected.

Some user interfaces created in the Web UI may establish more than one simultaneous connection with the server.

Such multi-connection UIs will not be compatible with Disconnect Last and Restrict Concurrent Connections modes.

New User Activation Expression

Key name in the configuration file: newUserActivationExpression

Value type: String

Possible values: Expression

Default value: Null

Allows a custom expression to be executed on user registration. If the result evaluates to null, the user is activated; otherwise the account is disabled. The default context for the expression is the context of the new user.

Number of Login Attempts

Key name in the configuration file: numberLoginAttempts

Value type: Integer

Possible values: 1 or more

Default value: 3

Number of unsuccessful login attempts allowed before a user account is locked for the period of time specified by Account Lockout Duration.

Account Lockout Duration

Key name in the configuration file: accountLockoutDuration

Value type: Integer

Possible values: 1 or more

Default value: 30000

Period of time for which a user's login is prohibited after several unsuccessful login attempts.

Timeout Before Next Login Attempt

Key name in the configuration file: timeoutBeforeNextLoginAttempt

Value type: Integer

Possible values: 1 or more

Default value: 5000

Minimum time period that must elapse before the next login attempt. If another login attempt is performed before this period elapses after an unsuccessful login attempt, the new attempt will fail regardless of whether the credentials are correct.
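The following added example (not Iotellect Server code) models how Number of Login Attempts, Account Lockout Duration and Timeout Before Next Login Attempt interact, which helps when interpreting rejected logins that used correct credentials. Assumptions not stated on this page: all times share one unit, an attempt rejected by the timeout or the lockout does not count as a new failure, and the failure counter resets on success and when a lockout starts. The class, function and event names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoginPolicy:
    """Model of the three settings; defaults are the documented default values."""
    number_login_attempts: int = 3           # numberLoginAttempts
    account_lockout_duration: int = 30000    # accountLockoutDuration
    timeout_before_next_attempt: int = 5000  # timeoutBeforeNextLoginAttempt
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: int = 0

    def attempt(self, now: int, credentials_ok: bool) -> str:
        """Classify one login attempt made at time `now` (same unit as the settings)."""
        if now < self.locked_until:
            return "locked"      # account lockout is still running
        if (self.last_failure is not None
                and now - self.last_failure < self.timeout_before_next_attempt):
            return "throttled"   # fails even if the credentials are correct
        if credentials_ok:
            self.failures, self.last_failure = 0, None  # assumption: success resets state
            return "ok"
        self.failures += 1
        self.last_failure = now
        if self.failures >= self.number_login_attempts:
            # Limit reached: start the lockout (assumption: counter restarts afterwards).
            self.locked_until = now + self.account_lockout_duration
            self.failures = 0
        return "bad_credentials"


# Constructed timeline for one account: (time, credentials_ok).
SAMPLE_EVENTS = [(0, False), (1000, True), (6000, False), (12000, False),
                 (13000, True), (41999, True), (42000, True)]


def replay(events, policy=None):
    """Run attempts through a policy and return the outcome of each one."""
    policy = policy or LoginPolicy()
    return [policy.attempt(t, ok) for t, ok in events]


if __name__ == "__main__":
    for (t, ok), outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t={t:>6} credentials_ok={ok!s:<5} -> {outcome}")
```

In the constructed timeline, the correct password at t=1000 is rejected by the timeout, and the correct passwords at t=13000 and t=41999 are rejected by the lockout that the third failure started at t=12000.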
