Submit a request

Integrate Kepion with Windows Authentication

Avatar
Kepion Support
  • Updated

In this article, we will explore Kepion integration with three Windows authentication modes. We will specifically cover: 

 

  • Windows integration options
  • Changing authentication modes
  • Customizing session timeout

 

Tip: If you want to want an overview of our authentication setups, refer to the Authentication and Active Directory Options article. Kepion also supports authentication via Active Directory Federation Services (ADFS) and Azure Active Directory (Azure AD). 

 

Integration Options 

When authenticating via a Windows domain account, there are two main options: automatic sign in via Integrated Windows Authentication (IWA), and a modern sign-in page. The table below shows the options supported by each configuration:

 

Kepion Authentication Mode IWA Sign In Page
WINDOWS X X
WINDOWS_INTEGRATED X  
WINDOWS_LIMITED   X

 

Note: The sAMAccountName attribute in AD is required to validate users in Kepion.

 

 

Windows

The default authentication setup for all Kepion instances, this option allows users to choose to sign in with IWA. IWA automatically authenticates users by the Windows domain account they are currently signed into, or by entering the credentials to a valid Windows domain account via the Kepion sign-in page.

 

If you want to customize your session timeout, go to AddAuthTimeoutInHours section below. 

 

Windows-default.png

 

 

Windows Integrated

The legacy default authentication option when you set up a Kepion instance. Starting with Kepion version 6.0.21215, all installations now default to the Windows authentication option above. In this setup, authentication is always handled through IWA. This means users are automatically authenticated to use Kepion while signed in to their Windows domain account.

 

Note: As your Kepion account is integrated with your Windows account, it is impossible to sign out of your Kepion account.

 

 

Windows Limited

In this setup, authentication is not integrated with a Windows domain account. Users must manually enter valid credentials via the Kepion sign-in page to access their account.

 

WindowsLimited.png

 

 

Change Authentication Mode

To change the authentication mode from the default (WINDOWS):

1. Open SQL Server Management Studio (SSMS) and connect to your SQL Server Instance.

2. Select New Query

3. Use an UPDATE command to change the value of AuthMode in dbo.Authentication (found under CPMAppHost). 

 

SSMS.PNG

 

For example, the SQL query to change to Windows Limited would be: 

 

UPDATE [CPMAppHost].[dbo].[Authentication]
SET Value = 'WINDOWS_LIMITED'
WHERE Name = 'AuthMode';

 

Note: Replace WINDOWS_LIMITED with WINDOWS_INTEGRATED to switch to Windows Integrated instead. 

 

4. Select Execute

 

SQL_query.PNG

 

SQLwindowsintegrated.PNG

 

 

Customize Session Timeout

By default, the only key in the dbo.Authentication table is AuthMode. To customize your session timeout, you need to run a SQL query the AuthTimeoutInHours key with your desired timeout duration into the table. 

 

USE [CPMAppHost]
GO

INSERT INTO [dbo].[Authentication]
    ([Name]
    ,[Value])
VALUES
    ('AuthTimeoutInHours'
    ,1);

 

Note: Replace the 1 value with however many hours you prefer for your session timeout. 

 

authtimeoutinhours.PNG

Comments

0 comments

Please sign in to leave a comment.

Related articles