Additional options can be configured for Active Directory Enhanced authentication. These options are applied to all domains configured. The additional options are located in the Options pane in at the lower right of the Active Directory Enhanced dialog box:
-
Search User's Login Domain Only: When this option is selected, only the domain the user is logging in from is used to authenticate the user. This option should be used when multiple domains are mapped to an OnBase User Group, but each user's group membership in Windows is limited to their own domain.
-
No Serverless Binds: In environments where multiple domains are configured, and there is no trust between domains, enabling this feature may improve the time it takes users to log in. This option configures OnBase to avoid bind attempts that are likely to timeout and will immediately issue domain-specific binds instead.
-
Failover to Interactive Mode: If this option is selected, a login dialog box prompts the user to enter credentials (interactive login) if a user is attempting to authenticate from a domain that is not mapped. The user must still be able to authenticate against one of the domains configured in order to log in successfully, even if they are not currently logged in to one of those domains.
The Interactive User Authentication settings configured on the Directory Service Authentication dialog are still respected even with the Failover to Interactive Mode option selected.