AX1433
Login behavior options
The following options apply to all authentication types except SAML and OpenID authentication.
When a user logs in, Axiom Platform looks for a matching username within Axiom security and applies the specified authentication type for that user. For LDAP authentication and Windows authentication, if only one allowed domain or suffix is specified, that information can be assumed and the user does not need to include it when logging in. If multiple domains or suffixes are specified, the user must include that information as part of their username, for example, DomainName\UserName for Windows authentication).
Alternatively, you can configure your system so that all users must specify their authentication type and domain when logging in to Axiom Platform, using the Domain selection list. The Domain selection list displays the following:
- Axiom Named User (for Axiom prompt login)
- Each allowed Windows authentication domain (if Windows authentication is enabled for the installation)
- Each allowed LDAP suffix (if LDAP authentication is enabled for the installation)
When the domain selection list is enabled, the user must make the appropriate selection to log in. For example, a Windows authentication user must select their Windows domain name. Because it is specified separately, the domain or suffix does not need to be added to the username, even when multiple domains or suffixes are allowed.
You can enable or disable the Domain selection list using the AuthenticationDomainSelectionListRequired system configuration setting. By default, setting is False and the Domain selection list is displayed only if your system contains duplicate usernames that require you to specify the domain to differentiate those users. If this setting is True, the Domain selection list is displayed at all times.
If the Domain selection list is enabled, and if Windows authentication is enabled for the installation, the user's current domain is selected by default if that domain is one of the allowed domains. Otherwise, the first option in the list is selected by default. Options appear in the following order:
-
LDAP suffixes
-
Windows domains
-
Axiom-named user
Optionally, users can select Remember me on the login page to store their Axiom Platform authentication for future use. This information is encrypted and applies only to the current user for the current machine. The next time the user starts Axiom Platform on the current machine, they are not prompted to log in.
Although all Axiom Platform clients have a Remember Me check box on the login page, the remembered status is stored separately for access to the Web client versus the Desktop client. For example, users can select Remember Me when logging in to the Excel client, and that user is not prompted in subsequent sessions in either the Excel client or the Windows client. However, if the user attempts to access the Web client, they are prompted for credentials and can be remembered separately for the Web client.
NOTE: Logging out of a client clears the remembered status for that client type. Although the Excel client and Windows client do not have an explicit logout feature, logging out of the Word or PowerPoint add-in clears the remembered status for the Desktop client (but only if the user is not also logged into another instance of the Desktop client).
If you do not want users to have access to the Remember Me option and instead, log in each time, you can disable the feature by setting the system configuration setting ShowRememberMe to False. This setting hides the option from the various login pages. If a user already used the Remember Me option, hiding the setting does not clear the user's stored credentials, and the user continues to be remembered until they log out and cause their credentials to be cleared.
