AX1433
Login behavior options
The following options apply to all authentication types except SAML and OpenID Authentication.
When a user logs in, Axiom Software looks for a matching user name within Axiom security and applies the specified authentication type for that user. For LDAP Authentication and Windows Authentication, if only one allowed domain or suffix is specified, that information can be assumed and the user does not need to include it when logging in. If multiple domains or suffixes are specified, then the user must include that information as part of their user name. For example: DomainName\UserName for Windows Authentication.
Alternatively, you can configure your system so that all users must specify their authentication type / domain when logging into Axiom Software, using the Domain selection list. The Domain selection list displays the following:
- Axiom Named User (for Axiom Prompt login)
- Each allowed Windows Authentication domain (if Windows Authentication is enabled for the installation)
- Each allowed LDAP suffix (if LDAP Authentication is enabled for the installation)
When the Domain selection list is enabled, the user must make the appropriate selection in order to log in. For example, a Windows Authentication user must select their Windows domain name. Because it is specified separately, the domain or suffix does not need to be added to the user name, even when there are multiple allowed domains or suffixes.
The following screenshot shows an example of the Domain selection list. In this example, the installation has enabled Windows Authentication with two allowed domains. The two domain names display on the selection list as well as the choice to log in as an Axiom Named User.
The Domain selection list can be enabled or disabled using the AuthenticationDomainSelectionListRequired system configuration setting. By default this is set to False, which means the Domain selection list only displays if your system contains duplicate user names that require the domain to be specified to differentiate those users. If you set this to True, then the Domain selection list displays at all times.
If the Domain selection list is enabled, and if Windows Authentication is enabled for the installation, then by default the user's current domain will be selected in the list (if that domain is one of the allowed domains). Otherwise, the first option in the list is selected by default. Options are ordered as follows: LDAP suffixes, Windows domains, Axiom Named User.
Users can optionally select Remember me at the login screen to store their Axiom Software authentication for future use. This information is encrypted and only applies to the current user for the current machine. The next time the user starts Axiom Software on the current machine, they will not be prompted to log in.
Although all Axiom Software clients have a Remember Me check box on the login screen, note that the remembered status is stored separately for access to the Web Client versus the Desktop Client. For example, a user can choose Remember Me when logging into the Excel Client, and then that user will not be prompted when subsequently accessing either the Excel Client or the Windows Client. However, if the user attempts to access the Web Client, they will be prompted for credentials (and can then choose to be separately remembered for the Web Client).
NOTE: Logging out of a client will clear the remembered status for that client type. Although the Excel Client and Windows Client do not have an explicit log out feature, logging out of the Word or PowerPoint add-in will clear the remembered status for the Desktop Client (but only if you are not also currently logged into another instance of the Desktop Client).
If you do not want users to have access to the Remember Me option, so that they must log in each time, then you can disable the feature by setting the system configuration setting ShowRememberMe to False. This will hide the option from the various login screens. Keep in mind that if a user has already used the Remember Me option, hiding the setting will not clear the user's stored credentials. The user will continue to be remembered until they log out and cause their credentials to be cleared.
