Other Settings

In the Other Settings tab, you configure optional authentication settings.

The following options are available (depending on your current selections on the General tab:

• Re-authenticate from outside URL

  Select this check box if you want to require users to re-authenticate after leaving the system and visiting another Web site. For example, a user logs in to SBM, and then visits http://www.MyFavoritePage.com. If the user then tries to use the back button to return to SBM, the user is prompted to log in again.

  • This also applies to pages within SBM if users enter an SBM URL directly into the address box or if users click the Refresh button on the browser. However, if users click a link or button on an SBM page that takes them to another SBM URL, they will not have to log in again.
  • This setting cannot be used in combination with the Single Sign-On (SSO) because SSO gathers user credentials differently. You must use SBM Session Cookies and either internal SBM passwords or LDAP authentication with for re-authentication to occur. (SBM Session Cookies are required because this is how user credentials are gathered for the re-authentication process).
  • If you are using LDAP authentication, users are automatically logged back in to SBM when the Re-authenticate from outside URL option is selected; however, the User session time-out setting can be configured to force users to re-authenticate if they have not actively used the system for a specified number of minutes.
• Disable users after failed login attempts

  Select this check box to disable accounts of users who fail to correctly authenticate after a specified number of login attempts. Set the number of login attempts between 1 and 10. After users exceed this number of attempts, their accounts are disabled and must be re-enabled by an administrator.

  • User accounts can be re-enabled in SBM Application Administrator.
  • This feature is only available if users are validated against the internal SBM database or LDAP.
• External Access

  If you want users to access SBM without logging in to your network domain, or if they are not stored in LDAP, enter the name of an application in IIS that uses anonymous authentication in the External Virtual Directory Name box. You will need to manually create this application in IIS, and ensure that it can execute ISAPI extensions (enabled via Handler Mappings in IIS 7).

  Note: If you add an external application in IIS, you must manually configure the application's native modules and select the ModSecurity IIS module to enable the same level of threat detection and prevention that is configured on the default SBM applications.
  • You must add the following MIME types to the new application that you create in IIS:
    • File name extension: .properties | MIME type: text/plain
    • File name extension: .woff | MIME type: application/font-woff
    • File name extension: .appcache | MIME type: text/cache-manifest
  • If users are validated against your Windows Domain, this option sets up two authentication methods for your system: Windows Authentication for internal users and validation against the Internal SBM Database for other users.
  • If users are validated against LDAP, this option sets up two authentication methods for your system: LDAP authentication and Internal SBM Database for non-LDAP users.
  • If you plan to use the e-mail response feature in SBM with Windows Authentication, you must specify an application in IIS with anonymous authentication. For more information, refer to Notification Server Options.
  • Select the check box in this section to restrict access so that only external users can access SBM through this anonymous application. External users are authenticated with their SBM passwords, which must be at least six characters in length.
    Note: For details, refer to the "How to Use Anonymous Authentication for External Users While Using Challenge/Response" document at https://www.microfocus.com/support-and-services/#SBM.
  Note: You configure external access for users, not administrators or designers. SBM Application Repository is not accessible externally, which means administrators cannot log in to SBM Application Repository or access the repository using SBM Composer from outside the domain; however, SBM Application Administrator can be accessed externally for administrators who need to manage users and projects.