General Settings

In the General Settings tab, you configure the following authentication settings.

Browser Sessions

To begin configuring SBM authentication, select the method SBM will use to manage user sessions.

Browser Authentication

After you determine how SBM will manage user sessions, select which option to use to obtain browser user credentials.

When you select either Windows Authentication or Third Party Authentication System, browser users are validated externally and logged in automatically without a login form. In the following section, you will determine which authentication source to use for validating Web service and API calls in these scenarios.

Authentication Sources

Finally, select the authentication source that SBM will validate credentials against. If you selected Windows Authentication or Third-Party Authentication System to collect identities, this selection determines how Web service calls and connections from the SBM API are authenticated.

When users are logged in automatically by using either Windows Authentication or a Third-Party Authentication System for browser authentication, selecting Internal SBM Database for Web services authentication potentially allows users to:
  • Access the repository from SBM Composer by specifying only the login ID with no password
  • Log in to SBM Application Repository by specifying only the login ID with no password
  • Make SBM Web service calls by specifying only the login ID and no password
By default, users in SBM are created without a password, which means any user that has not explicitly changed his or her password can log in by specifying a blank password. Therefore, either consider using SSO instead of session cookies or set passwords in SBM for every user.

User Session Time-Out

Depending on the authentication source and session management options that you select, you can optionally designate a User session time-out period. This setting forces users to re-authenticate if they have not actively used the system for the specified number of minutes. Enter a positive integer to have SBM automatically log out users who are inactive for the specified number of minutes.

If a User session time-out is set, the Web client polls the server once a minute to determine if the configured timeout has been exceeded. If no activity occurs and the user does not renew the session after a timeout warning appears, the client disconnects the session. If the timeout is exceeded and the user attempts to make a change in the browser before the next polling period after the timeout period has lapsed, the session is immediately disconnected and the user is prompted to log in again.

Note the following:

Login Form Options

Use the following options to display a login form and you are not using the SBM Login Form browser authentication option.

Enable login form

If you are not using the SBM Login Form option, select this option to display a login page if user validation fails with Windows Authentication, Third-Party Authentication, or Smart Cards. Clear the check box if you do not want the page to appear.

Display a login form on initial log in

If you selected Smart Card Login, select this option if you want to display a login form that requires users to click the Smart Card Login button on their first attempt to log in.

Related Topics


About Single Sign-On (SSO)

About Windows Domain Authentication

About LDAP Authentication

About Third-Party Authentication

Password Restrictions

Custom Authentication Settings

Other Settings