In this article, we will explore Kepion integration with three Windows authentication modes. We will specifically cover:
- Windows integration options
- Changing authentication modes
- Customizing session timeout
Tip: If you want to want an overview of our authentication setups, refer to the Authentication and Active Directory Options article. Kepion also supports authentication via Active Directory Federation Services (ADFS) and Azure Active Directory (Azure AD).
Integration Options
When authenticating via a Windows domain account, there are two main options: automatic sign in via Integrated Windows Authentication (IWA), and a modern sign-in page. The table below shows the options supported by each configuration:
Kepion Authentication Mode | IWA | Sign In Page |
---|---|---|
WINDOWS | X | X |
WINDOWS_INTEGRATED | X | |
WINDOWS_LIMITED | X |
Note: The sAMAccountName attribute in AD is required to validate users in Kepion.
Windows
The default authentication setup for all Kepion instances, this option allows users to choose to sign in with IWA. IWA automatically authenticates users by the Windows domain account they are currently signed into, or by entering the credentials to a valid Windows domain account via the Kepion sign-in page.
If you want to customize your session timeout, go to AddAuthTimeoutInHours section below.
Windows Integrated
The legacy default authentication option when you set up a Kepion instance. Starting with Kepion version 6.0.21215, all installations now default to the Windows authentication option above. In this setup, authentication is always handled through IWA. This means users are automatically authenticated to use Kepion while signed in to their Windows domain account.
Note: As your Kepion account is integrated with your Windows account, it is impossible to sign out of your Kepion account.
Windows Limited
In this setup, authentication is not integrated with a Windows domain account. Users must manually enter valid credentials via the Kepion sign-in page to access their account.
Change Authentication Mode
To change the authentication mode from the default (WINDOWS):
1. Open SQL Server Management Studio (SSMS) and connect to your SQL Server Instance.
2. Select New Query.
3. Use an UPDATE command to change the value of AuthMode in dbo.Authentication (found under CPMAppHost).
For example, the SQL query to change to Windows Limited would be:
UPDATE [CPMAppHost].[dbo].[Authentication]
SET Value = 'WINDOWS_LIMITED'
WHERE Name = 'AuthMode';
Note: Replace WINDOWS_LIMITED with WINDOWS_INTEGRATED to switch to Windows Integrated instead.
4. Select Execute.
Customize Session Timeout
By default, the only key in the dbo.Authentication table is AuthMode. To customize your session timeout, you need to run a SQL query the AuthTimeoutInHours key with your desired timeout duration into the table.
USE [CPMAppHost]
GO
INSERT INTO [dbo].[Authentication]
([Name]
,[Value])
VALUES
('AuthTimeoutInHours'
,1);
Note: Replace the 1 value with however many hours you prefer for your session timeout.
Comments
0 comments
Please sign in to leave a comment.