Authentication Setup

Authentication settings are used to update how dbFront authenticates users either during the initial setup or at a later point. You can validate the settings before applying them to the server.

The Authentication settings are on the first tab of the Settings screen, which is accessed from [Help] \ [Settings].

Authentication Source & Type

User Domain	The default installed value of a single period [.] directs dbFront to pick the best of the available options. If possible, it will choose the Active Directory domain your server is connected to. By default, the Login Screen will show users where they are logging in to. IMPORTANT: It is essential to set the specific directory source shortly after install to avoid confusing login problems.
User Container	The name of the active directory container(s) for users and groups. This is only required for non-default active directory structures. e.g. "`CN=Users,DC=corp,DC=domain,DC=com`"
LDAP Filter	Optionally filter the list of returned users and groups. This only applies to Active Directory or ADFS. e.g. "`(\|(givenName=Anthony)(givenName=Lucille))`", this filter will select users that have the first name of 'Anthony' or 'Lucille'. For more details on creating an LDAP filter see: LDAP Filters
Context Type	Options: Machine, or Domain. Will automatically adjust depending upon the Server or Domain that is used to authenticate the user. If there is a problem, you can manually set it to either Machine, if you are authenticating against the local machine or Domain, if you are authenticating against a network Domain.
Logon Type	Options: Interactive, Network, or Batch. Interactive: means that users need to have interactive Logon Rights. Network: is for users that are expected to have network access privileges. Batch: can be used to authenticate users that don't have either Interactive or Network rights.

Security Groups

Admin Group	The name of the local or domain group who's users will have the ability to add or administer all Database Connections. Local and Domain Administrators will automatically have this privilege.
MyAdmin Group	The name of the local or domain group who's users will have the ability to add or administer their Database Connections.
User Group	The group of users who have access to login to dbFront. If this entry is empty then by default every authenticated user has access to dbFront. Any user not listed in the group specified by this setting will NOT have access to dbFront. This applies even if they are members of a connection-specific AD group or if they are members of the groups specified by AdminAllGroup or AdminMyGroup.

Connection Authentication

On a per connection basis you can also specify two other groups, Update and Readonly. This will allow you to limit the list of users that have access to the data within that connection. Those two setting are setup in the connection access preferences. Connection Access

Session Timeout

Authenticated	Specifies how long an inactive session will remain active. If your users often get "Session Expiry" warnings or "Session Expired" errors then it might be appropriate to extend the session length.
Public	Specifies how long an inactive public session will remain active.

Test / Save - User

To test the Authentication settings, enter a username and password and click on Test Security.

To save the settings you need to specify the name and password of a user with administrative access based on the new settings. When you click Save Setup, dbFront will use those credentials to validate the new settings and then save the updated settings.

Disable Authentication Setup

Unauthenticated access to Authentication Setup is only available while running directly on the Web Server and only if the [SetupLocked] configuration option is set to false. To lock the Authentication Setup please see: Application Server Settings;