After your system has been configured to use Active Directory Enhanced, the Active Directory API Authentication Settings option is available under the Utils menu. These settings allow system administrators to prevent the OnBase API from being used for brute-force password discovery attacks.
- Configure the settings in the Active Directory API Authentication Settings dialog:
Option
Description
Security Level
Active
Incorrect login attempts are tracked and further login attempts are prevented if the failure threshold is reached.
Inactive
Incorrect login attempts are not tracked and no failure threshold is enforced.
Forbid AD Authentication
Any Active Directory login attempt using the API connection method automatically fails.
Destination
Internal Mail
The OnBase user account that receives NT API Authentication Security notifications via internal mail.
External Mail
The external email address that receives NT API Authentication Security notifications.
Notification
Failed Login Notification
Select how to report notices of failed login attempts. They can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.
Account Lockout Notification
Select how to report notices of users locked out of their accounts. They can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.
System Lockout Notification
Select how to report a notice of the system locking out all attempted connections using the API. It can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.
Lockouts
System Lockout
If the configured threshold of failed logins is reached, all future attempts to log in using the API fail.
- Interval: The amount of time in minutes that must elapse between failed login attempts.
- Number of Failures: The number of failed login attempts that can occur in the configured Interval.
- Number of Timed Lockouts: The number of System Timed Lockouts that can occur before all logins using the API are locked out.
System Timed Lockout
If the configured threshold of failed logins is reached, the system is locked out from using the API to log in for the length of time configured.
- Interval: The amount of time in minutes that must elapse between failed login attempts.
- Number of Failures: The number of failed login attempts that can occur in the configured Interval before API connection attempts are locked out.
- Duration: The amount of time in minutes that API connection attempts are locked out.
Account Lockout
If the configured threshold of failed logins is reached, all future attempts by that user to log in using the API fail.
- Interval: The amount of time in minutes that must elapse between failed login attempts.
- Number of Failures: The number of failed login attempts that can occur in the configured Interval before API connection attempts are locked out.
- Number of Timed Lockouts: The number of Account Timed Lockouts that can occur before all logins by that user using the API are locked out.
Account Timed Lockout
If the configured threshold of failed logins is reached, that user is locked out from using the API to log in for the length of time configured.
- Interval: The amount of time in minutes that must elapse between failed login attempts.
- Number of Failures: The number of failed login attempts that can occur in the configured Interval before API connection attempts are locked out.
- Duration: The amount of time in minutes that API connection attempts are locked out.
- Click Apply.
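The Account Timed Lockout and Account Lockout options described above interact: repeated timed lockouts escalate to a full lockout. The following Python model is an added example, not OnBase code, for reasoning about candidate values before applying them. It assumes that Interval is a sliding window in which failures are counted, that attempts rejected during a timed lockout are not counted, and that the threshold breach following the configured Number of Timed Lockouts becomes the full lockout; all names and sample values are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:              # hypothetical names mirroring the dialog fields
    interval_min: int             # Interval
    failures: int                 # Number of Failures
    duration_min: int             # Duration of an Account Timed Lockout
    timed_lockouts: int           # Number of Timed Lockouts

@dataclass
class AccountState:
    recent_failures: list = field(default_factory=list)  # minutes of counted failures
    timed_count: int = 0          # timed lockouts that have occurred so far
    locked_until: int = 0         # end of the current timed lockout
    locked_out: bool = False      # full Account Lockout reached

def record_failure(policy, state, now_min):
    """Process one failed API login at minute now_min and return the outcome."""
    if state.locked_out:
        return "locked_out"
    if now_min < state.locked_until:
        return "rejected"         # assumption: not counted during a timed lockout
    # Assumption: Interval is a sliding window over which failures are counted.
    cutoff = now_min - policy.interval_min
    state.recent_failures = [t for t in state.recent_failures if t > cutoff]
    state.recent_failures.append(now_min)
    if len(state.recent_failures) < policy.failures:
        return "failed"
    state.recent_failures.clear()
    # Assumption: the breach after the allowed timed lockouts becomes permanent.
    if state.timed_count >= policy.timed_lockouts:
        state.locked_out = True
        return "locked_out"
    state.timed_count += 1
    state.locked_until = now_min + policy.duration_min
    return "timed_lockout"

def simulate(policy, failure_minutes):
    """Replay failed attempts for one account; return the outcome of each."""
    state = AccountState()
    return [record_failure(policy, state, t) for t in failure_minutes]

# Constructed sample values, not product defaults.
POLICY = LockoutPolicy(interval_min=5, failures=3, duration_min=15, timed_lockouts=2)
ATTEMPTS = [0, 1, 2, 10, 20, 21, 22, 40, 41, 42, 100]

if __name__ == "__main__":
    for minute, outcome in zip(ATTEMPTS, simulate(POLICY, ATTEMPTS)):
        print(f"t={minute:>3} min  {outcome}")
```

Under these assumptions, the number of failed logins an account accepts before the full lockout is Number of Failures multiplied by one more than Number of Timed Lockouts.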