General Settings → Authentication → General Settings
In the General Settings tab, you configure the following authentication settings.
To begin configuring SBM authentication, select the method SBM will use to manage user sessions.
SSO enables users to provide their login credentials once, receive a security token in return, and then use this token again to access other SSO-enabled tools without logging in again. Because SSO offers a single point of access to SBM that enhances the end-user experience, consider selecting this option to manage SBM user sessions. For more information, refer to About Single Sign-On (SSO).
Optimizes the performance of log in and log out features and is recommended for browsers that support cookies.
After you determine how SBM will manage user sessions, select which option to use to obtain browser user credentials.
Displays a login form in the Web browser to gather user credentials.
Credentials of the user logged in to the workstation are used to log in automatically.
Note the following important information about using Single Sign-On with Windows Authentication:
Browser user credentials are collected and authenticated by a SAML2 identity provider or another identity management system. You will configure additional settings on the External Identity Provider tab that appears.
Enables users to log in using Smart Cards. To set up Smart Card authentication, you must configure how authentication is handled and how user identities are managed on the Custom Authentication tab. For details, refer to Custom Authentication Settings.
When you select either Windows Authentication or Third Party Authentication System, browser users are validated externally and logged in automatically without a login form. In the following section, you will determine which authentication source to use for validating Web service and API calls in these scenarios.
Finally, select the authentication source that SBM will validate credentials against. If you selected Windows Authentication or Third-Party Authentication System to collect identities, this selection determines how Web service calls and connections from the SBM API are authenticated.
Uses SBM login IDs and internal SBM passwords to authenticate users.
Validates users against LDAP using SBM Application Engine.
Validates users against LDAP using SBM Application Engine first, and then against the internal SBM database if the user is not found in LDAP.
Validates users against LDAP using SSO.
Validates users against LDAP using SSO first, and then against the internal SBM database if the user is not found in LDAP.
Uses the Windows security system for authentication. User login IDs and passwords are authenticated against your Windows domain.
The domain that is used for validation differs as follows depending on the session management option that you select:
Depending on the authentication source and session management options that you select, you can optionally designate a User session time-out period. This setting forces users to re-authenticate if they have not actively used the system for the specified number of minutes. Enter a positive integer to have SBM automatically log out users who are inactive for the specified number of minutes.
If a User session time-out is set, the Web client polls the server once a minute to determine if the configured timeout has been exceeded. If no activity occurs and the user does not renew the session after a timeout warning appears, the client disconnects the session. If the timeout is exceeded and the user attempts to make a change in the browser before the next polling period after the timeout period has lapsed, the session is immediately disconnected and the user is prompted to log in again.
Note the following:
For more details, refer to solution S142506.
Use the following options to display a login form and you are not using the SBM Login Form browser authentication option.
Enable login form
If you are not using the SBM Login Form option, select this option to display a login page if user validation fails with Windows Authentication, Third-Party Authentication, or Smart Cards. Clear the check box if you do not want the page to appear.
Display a login form on initial log in
If you selected Smart Card Login, select this option if you want to display a login form that requires users to click the Smart Card Login button on their first attempt to log in.
Copyright © 2007–2019 Micro Focus or one of its affiliates. All rights reserved.