Introduction
In this article, we will explore Kepion integration with Windows Authentication. We will cover the following:
- Windows Authentication Modes
- Change Authentication Mode
- Customize Session Timeout
Tip: To learn more about the supported authentication options, see Authentication and Active Directory Options.
Windows authentication modes
There are three Windows Authentication Modes that control the user sign-in behavior:
Windows Authentication Mode | IWA | Sign-In Credential |
---|---|---|
Windows (default) | X | X |
Windows Limited | X | |
Windows Integrated (obsolete) | X |
- Automatic sign in via Integrated Windows Authentication (IWA)
- User provided Sign-In Credential
Attention: Starting with Kepion version 6.1.22133, Windows Integrated mode becomes obsolete and will be switched to the Windows mode. Users will be prompted to sign in when their session expires.
Windows
The default authentication mode for Kepion, this option allows users to choose the method to sign in with:
- Sign in with your Windows account: This option uses IWA to sign you into Kepion using your current signed-in Windows credentials.
- Sign in with the following credential: This option allows you to enter an email (aka UPN) or domain credential and password.
Windows Limited
In this setup, users must manually enter an email (aka UPN) or domain credential and password.
Windows Integrated
Attention: Starting with Kepion version 6.1.22133, Windows Integrated mode becomes obsolete and will be switched to the Windows Standard mode. Users will be prompted to sign in when their session expires.
In this setup, authentication is handled through IWA. This means users are automatically authenticated using their current signed in Windows domain account.
Note: It's impossible to sign out of your Kepion account in Windows Integrated mode, as IWA will automatically sign you back in with your current signed-in Windows domain account. This behavior is not ideal for user security, and therefore this mode has been obsoleted.
Change authentication mode
Attention: From Kepion version 6.123144, authentication is handled in the SystemSettings table. While it is possible to change authentication modes in SSMS, we recommend referring to this article to learn how to change Windows authentication modes directly in the product.
Review the following table to see the AuthMode value to use when changing the Authentication Mode:
Windows Authentication Mode | AuthMode |
---|---|
Windows Standard (default) | WINDOWS_STANDARD |
Windows Limited | WINDOWS_LIMITED |
Windows Integrated (obsolete) | WINDOWS_INTEGRATED |
1. Open SQL Server Management Studio (SSMS) and connect to your server.
2. Expand Kepion_System, right-click the dbo.Authentication table, and choose Edit Top 200 Rows.
Note: Kepion_System is the default Kepion System database name and was called CPMAppHost before the release of Kepion version 6.1.22257. The name could also be different if you changed it. Ensure you look for and use the appropriate System database name.
3. Update the AuthMode value and close the window to save.
Alternatively, you can use the following SQL script to change the AuthMode to a value of your choice:
USE [Kepion_System]
GO
UPDATE [dbo].[Authentication]
SET Value = 'WINDOWS_LIMITED'
WHERE Name = 'AuthMode';
Customize session timeout
By default, the session timeout is set to 7 days. To customize this value, you will need to have a AuthTimeoutInHours key with your desired timeout duration in the dbo.Authentication table.
You can use the following SQL script to update the AuthTimeoutInHours:
USE [Kepion_System]
GO
DELETE FROM [dbo].[Authentication] WHERE [Name] = N'AuthTimeoutInHours';
INSERT INTO [dbo].[Authentication] ([Name], [Value])
VALUES (N'AuthTimeoutInHours', 1); -- Set session timeout to 1 Hour
SELECT * FROM [dbo].[Authentication];
Note: Kepion_System is the default Kepion System database name and was called CPMAppHost before the release of Kepion version 6.1.22257. The name could also be different if you changed it. Ensure you use the appropriate System database name.
Note: AuthTimeoutInHours is set in hours.