User Authentication


These settings are system-wide settings for XDOC users. Since XDOC users can be created either internally or externally, configuration options need to be in place to account for the wide variety of options customers can use for validating users.

User Authentication – General settings for users and user authentication 

 

| Field | Value |
|---|---|
| Allow External Users | Yes/No to allow for external users. Almost all XDOC integrations will need this set to "yes" |
| Allow Remember User | Yes/No to allow for the application to remember the user name at next logon |
| Allow Auto-Logon | Yes/No to allow for auto-logon so users don't have to log on with a password every time |
| Auto-Logon Timeout | The amount of idle time on a browser session before automatically logging out |
| Auto-Logon Timeout Max | The maximum amount of time allowed for this setting |
| Use Logon Page Captcha | If set to "yes" the system uses a validation security question when logging on to the system for added security |

 

External User Validation and Lookup – When integrating users from outside of the XDOC system, there are two types of validation that can happen, Lookup and Validation. User Lookup simply integrates the users into the system from the outside source, and User Validation verifies they have the right authentication to access XDOC. These two sections have the same configuration options, which are tied to elements of the axSystemConfig.xml integration file on the XDOC server. NOTE: Users should never alter any of these fields without first consulting Axacore Customer Support.

| Field | Value |
|---|---|
| External User Validate | |
| Provider Class | Field for determining the outside provider. Choices are Active Directory, HTTP Simple Service, Database, and Custom |
| Provider Profile | The connection information in the axSystemConfig.xml file that will connect to this provider |
| Provider Auth | Used for additional configuration auth from the provider. |
| Provider Config | If additional configuration information is needed, it goes in this field. |

| Field | Value |
|---|---|
| External User Lookup | |
| Provider Class | Field for determining the outside provider. Choices are Active Directory, HTTP Simple Service, Database, and Custom |
| Provider Profile | The connection information in the axSystemConfig.xml file that will connect to this provider |
| Provider Auth | Used for additional configuration auth from the provider. |
| Provider Config | If additional configuration information is needed, it goes in this field. |

 

Azure AD B2C – XDOC supports an Azure Active Directory B2C authentication method that leverages a customer identity access management solution for user sign in. Azure Active Directory B2C authentication provides integrators with various authentication tools including social media platform authentication options, multifactor authentication, and local account authentication.

| Field | Value |
|---|---|
| Enable B2C User Authentication | Selecting Yes enables the Azure B2C Environment option in the “Logon Using” dropdown on the XDOC login page. |
| Auto Redirect to B2C Login | Setting this value to “No” will prevent users from selecting the “Azure AD B2C Authorization” from the dropdown menu. Setting this value to "Yes" will redirect users to the Azure AD B2C login page and bypass the XDOC page. |
| Match Username to Claim ID | This specifies which claim in the id_token received from Azure XDOC should use to match to the user attribute selected in Match XDOC User On. Sample claim ID values could be oid, emails, xdoc_username. These claim IDs are configured in Azure. |
| Microsoft Identity Platform Version | Select v1.0 or v2.0, based on your parameters. |
| Flow Type | This specifies whether to use an OAuth 2.0 Authorization Code with PKCE or an Implicit/Hybrid Flow. This setting depends entirely on how the User Flow (policy) is configured in Azure. The Authorization Code with PKCE is more secure: upon successful B2C authentication, Azure will return an Authorization Code to XDOC which is then sent to a separate Token Endpoint where it can be exchanged for the user’s id_token. In an Implicit/Hybrid Flow, the id_token is simply returned to XDOC upon successful B2C authentication. |
| User Flow (Policy) Name | The name of the user flow. |
| Directory (Tenant) Name | The Azure Tenant name. |
| Directory (Tenant) Domain | The Azure Tenant domain name. |
| Directory (Tenant) ID | The Azure Tenant Id. |
| Application (Client) ID | The ID used to register the app. |
| Application (Client) Secret | This is an additional secret value that can be set in Azure when implementing the Auth Code Flow. This value gets passed to the Token Endpoint and is validated before handing off the id_token back to XDOC. This is only required if configured under the App Registration in Azure. |
| Additional Auth URL Query Parameters | This is for appending additional custom parameters to the Auth URL. |
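
For the Flow Type setting above, the following added example (not XDOC or Axacore code) shows how the PKCE values of an Authorization Code flow are derived per RFC 7636, where they sit in the authorization request, and why additional query parameters must not be allowed to override them. It assumes the v2.0 b2clogin.com authorize endpoint; the function names, the redirect URI and the way XDOC itself assembles the request are assumptions.

```python
# Added example: not XDOC code; function names are illustrative.
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), no padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """Fresh per-login verifier (43 chars, 256 bits of entropy) and its challenge."""
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)


def authorize_url(tenant_name, tenant_domain, policy, client_id,
                  redirect_uri, challenge, state, nonce, extra=None):
    """Authorization request for the Authorization Code with PKCE flow type."""
    params = {
        "client_id": client_id,
        "response_type": "code",       # an implicit flow would request id_token here
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid",
        "state": state,                # checked on return to stop login CSRF
        "nonce": nonce,                # must reappear inside the id_token
        "code_challenge": challenge,   # only the hash leaves the client
        "code_challenge_method": "S256",
    }
    clash = set(extra or {}) & set(params)
    if clash:                          # extras must never downgrade the protocol fields
        raise ValueError(f"reserved parameter(s) overridden: {sorted(clash)}")
    params.update(extra or {})         # "Additional Auth URL Query Parameters"
    base = f"https://{tenant_name}.b2clogin.com/{tenant_domain}/{policy}/oauth2/v2.0/authorize"
    return base + "?" + urlencode(params)


def token_endpoint_accepts(code_verifier: str, stored_challenge: str) -> bool:
    """The check a token endpoint makes before exchanging the code for an id_token."""
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)
```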