Configure Login, Authentication, and Inactivity Settings for Each Client

By default, the Browser and Portal Clients use the same settings as the Desktop Client. To specify unique settings for Browser/Portal, clear the User Same Settings as Desktop Client check box on their respective pages, and then define the unique settings.

To configure login, authentication, and inactivity settings for the Desktop Client, Browser Client, and Customer Portal:

  1. In the CSM Administrator main window, click the Security category, and then click the Edit Security Settings task.

    The Security Settings window opens.

  2. Click the Desktop Client page. (To specify unique settings for Browser/Portal, click the respective pages, clear the Use Same Settings as Desktop Client check box on their respective tabs, and then define the unique settings.)
  3. Select the login modes you want to allow (Supported Login Modes area):
    Note: You can enable multiple login modes so that if one authentication fails or the User/Customer cancels the process, the next configured login method is invoked (SAML, then external authentication server, then LDAP, then Windows, then Internal). Not all of these options will necessarily be in your system if they have not been configured.
  4. Select general login option check boxes as applicable:
    • (Desktop Client only) Display last logged-in User on Login page. If enabled, the User ID will be stored in the registry on the User’s computer, which might be considered a security risk.
    • (Desktop Client only) Allow Users to have system remember last password (auto-login). If enabled, the password will be stored in an encrypted format in the registry on the User’s computer, which might be considered a security risk.
    • Validate Windows/LDAP credentials on server. We recommend that you configure your server to use encrypted communication before enabling this feature so that credentials are not passed to the server in a potentially sniffable format.
    • Allow logging of authentication code (for troubleshooting).
  5. Default Domain for Login: Provide a default domain to use when Users log in.
  6. Select the Validate credentials via external authentication server check box.
  7. Select the Require user to enter credentials: Select this check box to require Users/Customers to provide their credentials each time they log in.
    Note: If this is not selected, and Users/Customers are on the same domain as the Cherwell Authentication Server, then the User’s/Customer's current Windows Credentials are used to determine the person's identity. Otherwise, the User/Customer needs to provide their Windows domain/user ID and password to the login dialog.
  8. Authentication server URI: Provide the URI (location) of the external authentication server.
    Note: Both client applications and the Cherwell Application Server must have access to this URL.
  9. (Desktop Clients only) Select Logout Inactive Users from Cherwell Client.
    • Specify the Minutes to Wait before logging out an inactive User.
    • Select the Warning Period check box to warn Users before they are automatically logged out and specify the minutes before the logout to send a warning where Users can select to Stay Logged In or Log out now.
  10. Click OK.
© Copyright 2018 Cherwell Software, LLC. All rights reserved.