Various forms of authentication are supported by i-net Clear Reports. The configuration allows to enable multiple authentication providers for users to log in with. The same user can have multiple login mechanisms activated for their account.

The configuration order of the providers also defines in which order they are presented to the user. If the guest account is enabled there will be a second login button in the toolbar. Providers working with Basic Authentication are handled using the username and password field of the login form. They may or may not offer a separate button in the login form.

The following providers are currently available:

• Product Authentication
• OAuth2 / OpenID Connect Authentication
• System Authentication
• Token Authentication
• Guest Account
• Single Sign On
• Master Password

Hint: There may be more authentication providers available through the plugin manager that are not yet enabled. Custom authentication providers can be implemented by extending our API.

Allows any new user who has successfully authenticated to access the application with permissions granted by the All users group.

If this option is deactivated, new users receive a new login prompt even after a successful login.

Note: If a user tries to authenticate with valid Windows login credentials but creation of new users is disabled, then no new account will be created and access will not be granted.

The session of a user is valid for 28 days to have them stay logged in by default. By disabling this option, the session timeout is set to 30 minutes. The session itself is renewed every 2 minutes so that an active user is practically not logged out. That is also true for a user that has the browser tab or application in the background.

The session usually only runs out in case the browser is closed or the computer is locked.

Note: The session timeout is specific to a computer and browser, or private browser tab.

The Reset Members action deletes all current memberships of all authentication groups. Any logged in user who is a member of any of these authentication groups is automatically logged out and must log in again. Only then are memberships of the authentication groups re-evaluated.

This option can be used, e.g. in case you see users that have not logged in for a long time in the Users and Groups manager who should have different user groups assigned.

The two-factor authentication - or 2FA in short - is an additional security measure for user accounts. Using the option "Force two-factor login for all users" it is ensured, that every user that did not yet sign up for 2FA will be forced to do so the next time they access the i-net Clear Reports server.

As per the two-factor authentication documentation there are multiple factors available to choose from for configuration. If your users should use email codes, make sure, that the server is set up with a valid outgoing email configuration and that every user has a en email address readily available in the Users and Groups application.

Note: Before activating this option, make sure that the prerequisite are met by the i-net Clear Reports server and the users. You should also inform your users about the measure beforehand.