Configuring User Authentication Options ======================================= General Options --------------- General options for authentication criteria, device ownership, logon recovery, and restrictions can be found under **Preferences > User Authentication > User Authentication** Available Options ''''''''''''''''' - **Authentication Criteria** - Select **Node** or **Device** (Mac+IP or MAC). - **Authorized IP** - Specify whether to automatically set Authorized IP as IP address first authenticated from. This applies when the Authorized IP in the User Management settings is blank. - **Authorized MAC** - Specify whether to automatically set Authorized MAC as MAC address first authenticated from. This applies when the Authorized MAC in the User Management settings is blank. - **Automatic Ownership** - Specify whether to automatically assign User and Department ownerships to IP and/or MAC when a user is authenticated. - **Regex for Username** - Enter a regular expression to validate username. - **Hiding Username** - Hide username under asterisks during authentication/ - **Log Out Button** - Specify whether to display Log Out button in CWP page. - **Find Username / Reset Password** - Enable or disable recovery for lost username/password. - **Verification code valid time** - Set the validity code valid time for sms 2 factor authentication ( 2fa / mfa ) - **Displaying Authentication Info** - Specify whether to display User Authentication Information in Agent Tray Menu and CWP page. - **User Info for Node Info** - Specify whether to add User Information (Name and Description) into Node Information for User Account Request approval. Configuring Authentication Options by Single node ------------------------------------------------- #. Click a node **IP Address** and select **Policy tab** #. Select one option under **User Authentication Policy** Available Options ''''''''''''''''' - **Comply with Authentication Policy under Node Policy** - **Require User Authentication (Allow All Users)** - **Require User Authentication (Allow Specified User(s))** Configuring Authentication Options by Group ------------------------------------------- Node Authentication policies determine when and how nodes of a given group will be required to authenticate, as well as the conditions of the process. To configure options for authentication methods, requirements, time restrictions and logon procedure, select a node policy under **Policy > Node Policy > [Policy Name]** and scroll down to **Advanced > Authentication** in the main panel. Available Options ''''''''''''''''' - **Authentication Method** - Select **Host Authentication** (Allow by node identity) or **Password Authentication**. - For **Password Authentication** specify allowed **Authentication Sources** and Enable/Disable **2 Factor Authentication.** ( 2fa / mfa ) - **Single Sign-On Method** - Select **Active Directory**, **External API** or **Genian API** and enter required info. - **Auth User Group** - Select a user group to allow for authentication from the policy member nodes. - **Auto-Logout** - Enable to log out users after a set time period. - **Auto-Logout For Down Node** - Enable to log out users after a node link status is down for a set time period. - **Reauthentication Interval** - Specify how often to renew authentication. - **Session Timeout Notification** - Specify time prior to the login session expiration that you want to notify users. - Agent required. - **Custom User Login Page URL** - Specify URL for a custom user login page which will be redirected when a user clicks a Login button in CWP page. - **Authentication at Startup** - Specify whether to require Authentication when the computer restarts or wakes. - Agent required. Not compatible when Single Sign-On is enabled. - **Display Name of Username** - Specify a display Name of Username for use on Captive Portal and Agent Authentication prompt. - **Display Name of Password** - Specify a display Name of Password for use on Captive Portal and Agent Authentication prompt.