The following options are available to define how OnBase authenticates users. This module reference guide explains how to configure OnBase to allow for tighter security controls and a more streamlined user experience by integrating user authentication with existing Active Directory and LDAP authentication schemes.
This table provides a high-level overview of the authentication methods available, with links to more detailed sections following the table.
| Authentication Method | Description | Interactive/Automatic Login Notes |
|---|---|---|
| Internal Security | Standard OnBase login if no other authentication mode is configured. See Internal Security. | By default, users are prompted to provide credentials to log in to OnBase (interactive login). Does not allow syncing OnBase user accounts with domain users and groups. Non-interactive/automatic logins can be accomplished with the AL command-line switch or by converting to the Active Directory Advanced or LDAP methods. |
| Active Directory - Enhanced | Windows-based integrated security method that provides control over domain group mappings. | By default, users are not prompted to provide credentials to log in to OnBase (non-interactive/automatic login). The user account currently logged in to the workstation is used to automatically authenticate the user in OnBase. Allows for syncing OnBase user accounts with domain users and groups. Can be configured to fail over to interactive logins. In order for non-interactive logins to work with modules that require the Web or Application Server, the user's workstation must be joined to the same Windows domain as the server. |
| Active Directory Federation Services (AD FS) | The OnBase Web Server and Application Server can be configured to use Microsoft Active Directory Federation Services (AD FS) authentication. | By default, users of modules that use the OnBase Web or Application Server (Core-based modules) are not prompted to provide credentials to log in to OnBase (non-interactive/automatic login). The user account currently authenticated in AD FS is used to automatically authenticate the user in Core-based OnBase modules. Allows for syncing OnBase user accounts with domain users and groups. Does not fail over to interactive logins. AD FS can be used with the OnBase Web and Unity Clients. AD FS does not apply to logins to the OnBase Client and Configuration modules. |
| LDAP | Authenticates users in OnBase based on the user's account on an LDAP server. Users are granted rights in OnBase based on their LDAP group memberships, which must correspond to OnBase User Groups. See LDAP Security. | By default, users are not prompted to provide credentials to log in to OnBase (non-interactive/automatic login). The user account currently logged in to the workstation is used to automatically authenticate the user in OnBase. Allows for syncing OnBase user accounts with domain users and groups. Does not fail over to interactive logins. In order for non-interactive logins to work with modules that require the Web or Application Server, the user's workstation must be joined to the same Windows domain as the server. |