Login
Various forms of authentication are supported by i-net Clear Reports. The configuration allows to enable multiple authentication providers for users to log in with. The same user can have multiple login mechanisms activated for their account.
The configuration order of the providers also defines in which order they are presented to the user. If the guest account is enabled there will be a second login button in the toolbar. Providers working with Basic Authentication are handled using the username
and password
field of the login form. They may or may not offer a separate button in the login form.
The following providers are currently available:
- Product Authentication
- OAuth2 / OpenID Connect Authentication
- System Authentication
- Token Authentication
- Guest Account
- Single Sign On
- Master Password
Hint: There may be more authentication providers available through the plugin manager that are not yet enabled. Custom authentication providers can be implemented by extending our API.
Allow Creation of new Users
Allows any new user who has successfully authenticated to access the application with permissions granted by the All users group.
If this option is deactivated, new users receive a new login prompt even after a successful login.
Note: If a user tries to authenticate with valid Windows login credentials but creation of new users is disabled, then no new account will be created and access will not be granted.
Users stay logged in
By default, a user's session remains active for 28 days, ensuring they stay logged in. If you disable this feature, the session will time out after 30 minutes. However, to prevent disruptions, the session refreshes every 2 minutes. This ensures that active users, even those with the browser tab or application running in the background, are seldom logged out. Typically, a session will expire only if the browser is closed or the computer is locked.
Note: Session timeouts are unique to each computer, browser, or private browsing tab.
Reset Authentication Groups
The Reset Members action deletes all current memberships of all authentication groups. Any logged in user who is a member of any of these authentication groups is automatically logged out and must log in again. Only then are memberships of the authentication groups re-evaluated.
This option can be used, e.g. in case you see users that have not logged in for a long time in the Users and Groups manager who should have different user groups assigned.
Force two-factor login for all users
The two-factor authentication - or 2FA in short - is an additional security measure for user accounts. Using the option "Force two-factor login for all users" it is ensured that every user who did not yet sign up for 2FA will be forced to do so the next time they access the i-net Clear Reports server.
As per the two-factor authentication documentation, there are multiple factors available to choose from for configuration. If your users should use email codes, make sure, that the server is set up with a valid outgoing email configuration and that every user has an email address readily available in the Users and Groups application.
Note: Before activating this option, make sure that the prerequisites are met by the i-net Clear Reports server and the users. You should also inform your users about the measure beforehand.
Disabled IPs
This advanced option allows to whitelist IP addresses that will not require the second factor. You can add multiple IPv4 and IPv6 addresses, separated by comma or semicolon. It can be used to distinguish requests to the server from a public IP address or from an internal network or a DMZ.
The IP address has to be one of the binding IP addresses on which the server is running with its published ports.
Note: Since force 2FA is enabled, users will have to add a second factor the first time they access the service from a non-disabled IP address.
Note: Disabling the 2FA requirement for an IP implies that no accounts, even administrative ones, do not require the second factor when logging in. This option should be handled with extreme caution.