User Authentication
These settings are system wide settings for XDOC users. Since XDOC users can either be internally or externally created, configuration options need to be in place to account for the wide variety of options customers can use for validating users.
User Authentication – General settings for users and user authentication
| Field | Value |
|---|---|
| Allow External Users | Yes/No to allow for external users. Almost all XDOC integrations will need this set to "yes" |
| Allow Remember User | Yes/No to allow for the application to remember the user name at next logon |
| Allow Auto-Logon | Yes/No to allow for auto-logon so users don't have to log on with a password every time |
| Auto-Logon Timeout | The amount of idle time on a browser session before automatically logging out |
| Auto-Logon Timeout Max | The maximum amount of time allowed for this setting |
| Use Logon Page Captcha | If set to "yes" the system uses a validation security question when logging on to the system for added security |
External User Validation and Lookup – When integrating users form outside of the XDOC system, there are two types of validation that can happen, Lookup and Validation. User Lookup simply integrates the users into the system from the outside source, and User Validation verifies they have the right authentication to access XDOC. These two sections have the same configuration options, which are tied to elements of the axSystemComfig.xml integration file on the XDOC server. NOTE: Users should never alter any of these fields without first consulting Axacore Customer Support.
| Field | Value |
|---|---|
| External User Validate | |
| Provider Class | Field for determining the outside provider. Choices are Active Directory, HTTP Simple Service, Database, and Custom |
| Provider Profile | The connection information in the axSystemConfig.xml file that will connect to this provider |
| Provider Auth | Used for additional configuration auth from the provider. |
| Provider Config | If there is an additional configuration information needed, it goes in this field. |
| Field | Value |
| External User Lookup | |
| Provider Class | Field for determining the outside provider. Choices are Active Directory, HTTP Simple Service, Database, and Custom |
| Provider Profile | The connection information in the axSystemConfig.xml file that will connect to this provider |
| Provider Auth | Used for additional configuration auth from the provider. |
| Provider Config | If there is an additional configuration information needed, it goes in this field. |
Azure AD B2C – XDOC supports a Azure Active Directory B2C authentication method that leverages a customer identity access management solution for user sign in. Azure Active Directory B2C authentication provides integrators with various authentication tools including social media platform authentication options, multifactor authentication, and local account authentication.
| Field | Value |
|---|---|
| Enable B2C User Authentication | Selecting Yes enables the Azure B2C Environment option in the “Logon Using” dropdown on the XDOC login page. |
| Auto Redirect to B2C Login |
Setting this value to “No” will prevent users from selecting the “Azure AD B2C Authorization” from the dropdown menu. Setting this value to "Yes" will redirect users to the Azure AD B2C login page and bypass the XDOC page. |
| Match Username to Claim ID | This specifies what claim in the id_token received from Azure that XDOC should use to match to the user attribute selected in Match XDOC User On. Sample claim ID values could be oid, emails, xdoc_username. These claim IDs are configured in Azure. |
| Microsoft Identity Platform Version | Select v1.0 or v2.0, based on your paramaters. |
| Flow Type |
This specifies whether to use an Oauth 2.0 Authorization Code with PKCE or an Implicit/Hybrid Flow. This setting entirely depends on how the User Flow (policy) is configured in Azure.
|
| User Flow (Policy) Name | The name of the user flow. |
| Directory (Tenant) Name | The Azure Tenant name. |
| Directory (Tenant) Domain | The Azure Tenant domain name. |
| Directory (Tenant) ID | The Azure Tenant Id. |
| Application (Client) ID | The ID used to register the app. |
| Application (Client) Secret | This is an additional secret value that can be set in Azure when implementing the Auth Code Flow. This value gets passed to the Token Endpoint and is validated before handing off the id_token back to XDOC. This is only required if configured under the App Registration in Azure. |
| Additional Auth URL Query Parameters | This is for appending additional custom parameters to the Auth URL. |