User information - including login, password and other data - has its source in one of two places:
- Users who actively log into
will have a user record in one of the subtables of the People table. Users are generally imported, created manually, or generated through some other automated process.
- User data may also be stored in an external system, such as in LDAP or Microsoft Active Directory, which is used as the master set of user information. An Identity Provider stores the user's login and password across several applications or systems.
Even if a user is authenticated through LDAP or ADS,
How do Users Access the System?
- There are several ways to log in:
- Through a custom login page with a login block that may sit on the corporate web site.
- Through an autologin hyperlink or button that contains a login/password and other parameters – KB name, Table, State, Search, Record ID and so on – and that may be encrypted and time limited if it is sent in an outbound email.
- Through a single sign-on method – the user is logged into a corporate intranet or web portal already, and then clicks a hyperlink that passes the user information into the system to authenticate the user without having to enter a login again.
- Through the system login page.
- The system login is generally located at https://hostname/gui2/login.jsp; for certain servers, http://hostname/gui2/login.jsp or http://hostname:8080/gui2/login.jsp may be used.
Custom login blocks can be added to any webpage using standard HTML like this:
```xml
<form method="post" action="http://www.example.com/gui2/login.jsp">
  <input type="hidden" name="KeyID" value="0">
  <input type="hidden" name="state" value="Main">
  <input type="hidden" name="project" value="KnowledgeBaseName">
  <input type="hidden" name="exiturl" value="http://www.example.com">
  <input type="hidden" name="loginurl" value="http://www.example.com">
  <table border="0" width="90%">
    <tr>
      <td align="left">Username:</td>
      <td> </td>
      <td><input type="text" size="30" maxlength="50" name="user" value="admin"></td>
    </tr>
    <tr>
      <td align="left">Password:</td>
      <td> </td>
      <td><input type="password" size="30" maxlength="50" name="passwd"></td>
    </tr>
    <tr>
      <td align="left"> </td>
      <td> </td>
      <td><input type="submit" value="Login"></td>
    </tr>
  </table>
</form>
```
- To let users reset a forgotten password and receive a new password by email, first assign them to a group that permits this on the General tab of the group permissions.
- If you are using a custom login page, add a Send Password link or button to your login page that calls up another custom HTML page.
Reset Password Page
The HTML code required on the reset password page is shown below. You can add additional instructions or information for the user and insert this into your own website look and feel scheme:
```xml
<form action="http://[serverhostname]/gui2/resetPassword" method="post">
  Login: <input type="text" name="login" size="25" maxlength="50"><br>
  or email address: <input type="text" name="email" size="25" maxlength="50"><br>
  <input type="hidden" name="resettype" value="email" />
  <input type="hidden" name="resettype" value="text message" />
  <input type="hidden" name="mode" value="request" />
  <input type="hidden" name="project" value="[KB Name]">
  <input type="submit" value="Go">
</form>
```
- Using this function does not mail the user the current password, as this could create a security problem. Instead, the password is changed to a random string of characters; this new password is sent by email and the user must then log in and create a new password from inside the system.
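A check for the two embedded forms above (the custom login block and the reset password page), as an added example that is not part of the original documentation: it parses a form with Python's standard `html.parser` and reports an explicit `http://` action or exit/login URL and a prefilled username. The `audit_form` helper and the finding labels are assumptions of this example, and the sample is a shortened, constructed copy of the login block.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a shortened copy of the login block shown on this page.
SAMPLE_FORM = """
<form method="post" action="http://www.example.com/gui2/login.jsp">
  <input type="hidden" name="project" value="KnowledgeBaseName">
  <input type="hidden" name="exiturl" value="http://www.example.com">
  <input type="text" name="user" value="admin">
  <input type="password" name="passwd">
  <input type="submit" value="Login">
</form>
"""

class FormAudit(HTMLParser):
    """Collects findings (labels chosen for this example) for embedded forms."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            if a.get("method", "get").lower() != "post":
                self.findings.append("form-uses-get")  # fields would land in the URL
            # Only an explicit http:// target is flagged; a relative action
            # inherits the scheme of the page that hosts the form.
            if urlparse(a.get("action", "")).scheme == "http":
                self.findings.append("action-not-https")
        elif tag == "input":
            kind, name = a.get("type", "text").lower(), a.get("name", "")
            if kind == "text" and name in ("user", "login") and a.get("value"):
                self.findings.append("prefilled-username")
            if kind == "password" and a.get("value"):
                self.findings.append("prefilled-password")
            if name in ("exiturl", "loginurl"):
                if urlparse(a.get("value", "")).scheme == "http":
                    self.findings.append(f"{name}-not-https")

def audit_form(html):
    """Return the list of findings for the form markup in `html`."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit_form(SAMPLE_FORM))
```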
Reset Password by SMS
In addition to email, you can allow users to receive a password reset token by SMS. A 6-digit SMS code is generated and sent to the cell phone number in the user's profile, if one exists. The login screen will change to an authentication screen where the user must enter the code.
After this, they can enter and confirm their new password.
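One way to handle the 6-digit SMS code on the server side, as an added example that is not the product's own code: the code comes from a CSPRNG, is issued only when the profile has a cell phone number, and is accepted once. The `ResetCodeStore` class, the five-minute lifetime and the five-attempt limit are assumptions of this example; the page does not state them.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: the page does not state a code lifetime
MAX_ATTEMPTS = 5        # assumption: the page does not state an attempt limit

class ResetCodeStore:
    """In-memory store of pending SMS reset codes, keyed by login (hypothetical)."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    @staticmethod
    def _digest(salt, code):
        # Keeps the clear code out of storage. With only 10**6 possible codes,
        # the expiry and attempt limit are what actually stop guessing.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, login, cell_phone):
        """Return a new 6-digit code, or None when the profile has no cell phone."""
        if not cell_phone:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
        salt = secrets.token_bytes(16)
        self._pending[login] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code  # passed to the SMS gateway only; never logged

    def verify(self, login, submitted):
        """True only for a live, unused code; every call counts as an attempt."""
        entry = self._pending.get(login)
        if entry is None:
            return False
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[login]  # expired or locked out: a new code is required
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["digest"], self._digest(entry["salt"], submitted))
        if ok:
            del self._pending[login]  # single use
        return ok
```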
- : Provides an overview of how users can access the system, as well as how you can create custom login pages and password reset pages.
- LDAP Access: Provides an overview of integrating Lightweight Directory Access Protocol (LDAP) with
to synchronize users, authenticate logins, and provide single sign-on support.
- Single Sign-on: Details different methods for using single sign-on with
, which is a method of simplifying user access by authenticating against a single identity source.
- Two-Factor Authentication: Describes how two-factor authentication works with
, which requires users to verify their identity using a code sent to their mobile device.
- Hyperlinks: Provides an overview of using hyperlinks to access the system, in addition to performing other actions.
- Exit and Login URLs: Details how to customize Exit and Login URLs, which determine where the user is taken when they log out or are timed out of the system, respectively.
- Groups: Provides an overview of how groups work in the system, as well as how to set group permissions with the Group Permissions wizard and the Table Permissions wizard.
- Teams: Provides an overview of how teams work in the system, as well as how to use the Teams wizard.
You can also control access by imposing IP address restrictions on your system. For more information, see Security.