Active Directory API Authentication Settings - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Essential - Premier - Standard

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Essential
Premier
Standard

After your system has been configured to use Active Directory Enhanced, the Active Directory API Authentication Settings option is available under the Utils menu. These settings allow system administrators to prevent the OnBase API being used for brute-force password discovery attacks.

  1. Configure the settings in the Active Directory API Authentication Settings dialog:

    Option

    Description

    Security Level

    Active

    Incorrect login attempts are tracked and further login attempts are prevented if the failure threshold is reached.

    Inactive

    Incorrect login attempts are not tracked and no failure threshold is enforced.

    Forbid AD Authentication

    Any Active Directory login attempt using the API connection method automatically fails.

    Destination

    Internal Mail

    The OnBase user account that receives NT API Authentication Security notifications via internal mail.

    External Mail

    The external email address that receives NT API Authentication Security notifications.

    Notification

    Failed Login Notification

    Select how to report notices of failed login attempts. They can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.

    Account Lockout Notification

    Select how to report notices of users locked out of their accounts. They can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.

    System Lockout Notification

    Select how to report a notice of the system locking out all attempted connections using the API. It can be logged in the Event Log and sent to the Internal Mail or External Mail addresses.

    Lockouts

    System Lockout

    If the configured threshold of failed logins is reached, all future attempts to login using the API fail.

    • Interval: The amount of time in minutes that must elapse between failed login attempts.

    • Number of Failures: The number of failed login attempts that can occur in the Interval configured.

    • Number of Timed Lockouts: The number of System Timed Lockouts that can occur before all logins using the API are locked out.

    System Timed Lockout

    If the configured threshold of failed logins is reached, the system is locked out from using the API to login for the length of time configured.

    • Interval: The amount of time in minutes that must elapse between failed login attempts.

    • Number of Failures: The number of failed login attempts that can occur in the Interval configured before API connection attempts are locked out.

    • Duration: The amount of time in minutes that API connection attempts are locked out.

    Account Lockout

    If the configured threshold of failed logins is reached, all future attempts by that user to login using the API fail.

    • Interval: The amount of time in minutes that must elapse between failed login attempts.

    • Number of Failures: The number of failed login attempts that can occur in the Interval configured before API connection attempts are locked out.

    • Number of Timed Lockouts: The number of Account Timed Lockouts that can occur before all logins by that user using the API are locked out.

    Account Timed Lockout

    If the configured threshold of failed logins is reached, that user is locked out from using the API to login for the length of time configured.

    • Interval: The amount of time in minutes that must elapse between failed login attempts.

    • Number of Failures: The number of failed login attempts that can occur in the Interval configured before API connection attempts are locked out.

    • Duration: The amount of time in minutes that API connection attempts are locked out.

  2. Click Apply.