Setting Authentication Types

<< Click to Display Table of Contents >>

Navigation:  Administrating FYI Server > Applying Advanced Server Settings >

Setting Authentication Types

Although there are four options in the Authentication type list, these can be divided into two categories: Concordance security and external authentication through Microsoft Windows (depending on your version of Microsoft Windows Server). In choosing external authentication, you gain the use of policies, including but not limited to password expiration, renewal, and format.

When the authentication type is external to Concordance, such as Microsoft Active Directory, the FYI Server uses the external authentication logon name to determine the user's Concordance database rights, field rights, and menu security. If the user's external authentication logon name is not added to the Concordance database, the user will not have access to the database.

Note

Dual authentication, authenticating users against more than one server, can only be set for a maximum of two Active Directory LDAP servers.  The Auxiliary authentication server setting is not available for the External by Domain or External by NT Server options.

Note

When authenticating users against an Active Directory server in a domain other than where FYI Sever is located, make sure that the FYI Server is running on Windows Server 2016.

If a database administrator account is specified on the Management tab in the FYI Admin Console, the FYI Server then copies the users from Concordance and adds them to the FYI Admin Console for that specific database. This allows you to use external security to set password policies, including expiration, renewal, and format.

Warning

Before changing the authentication type to an external method, check the Concordance databases and add user names and rights as needed.

For more information about authentication types, see About setting up user security.

 

To Set the Authentication Type to Concordance

1.Click the Settings tab.

2.In the Server Settings section, click the authentication type in the Authentication type row.

3.Click the arrow to open the authentication type list, and click Concordance.

i.When Concordance is selected, FYI Server uses the a Concordance database's .sec file to authenticate users.

4.Click Apply to save your settings.

5.Remember to adjust port settings as specified for each authentication type, and update IP addresses if they change.

 

To Set the Authentication Type to External by Domain

1.Click the Settings tab.

2.In the Server Settings section, click the authentication type in the Authentication type row.

3.Click the arrow to open the authentication type list, and click External by domain.

i.When External by domain is selected, FYI Server allows for user authentication against an NT domain controller without an Active Directory.

4.Click in the Authentication server row below External by domain, and type the authentication server name, such as a company or work group name (.com or IP address entries are not acceptable).

5.Click Apply to save your settings.

6.Remember to adjust port settings as specified for each authentication type, and update IP addresses if they change.

i.External by domain authentication typically requires use of several ports: 137 TCP, 138 UDP, 139 TCP, and 445 TCP. Ensure that your firewall is not blocking these ports.

 

To Set the Authentication Type to External by NT Server

1.Click the Settings tab.

2.In the Server Settings section, click the authentication type in the Authentication type row.

3.Click the arrow to open the authentication type list, and click External by NT Server.

i.When External by NT Server is selected, FYI Server allows for user authentication against a stand alone server (member server).

ii.A member server is a server that meets all of the following requirements:

The server is running a Microsoft Windows 2000/XP Professional/Windows 2003 Server operating system

The server is part of a domain

The server is not a domain controller

4.Click in the Authentication server row below External by NT Server, and type the authentication server name, such as mypdc.company.com or an IP address.

5.Click Apply to save your settings.

6.Remember to adjust port settings as specified for each authentication type, and update IP addresses if they change.

i.The port addresses typically required by External by NT Server authentication include: 137 TCP, 138 UDP, 139 TCP, and 445 TCP. Ensure that your firewall is not blocking these ports.

 

To Set the Authentication Type to External by Active Directory LDAP

1.Click the Settings tab.

2.In the Server Settings section, click the authentication type in the Authentication type row.

3.Click the arrow to open the authentication type list, and click External by Active Directory LDAP.

i.When External by Active Directory LDAP is selected, FYI Server uses Microsoft Windows Active Directory to authenticate users. (Microsoft Windows 2000 or later)

4.Click in the Authentication server row below External by Active Directory LDAP, and type the authentication server name or an IP address.

5.(Optional) Click in the Auxiliary authentication server row to set a second authentication server, and type the authentication server name or an IP address.

Note

When authenticating against an internal and an external domain, make sure that the same username does not appear in both domains.

6.Click Apply to save your settings.

7.Remember to adjust port settings as specified for each authentication type, and update IP addresses if they change.

i.The firewall ports that need to be open for Active Directory include: 389 (LDAP,) 636 (secure LDAP,) and NetBIOS ports for the change password feature.

Note

If both the LDAP and Auxiliary server options are set, both server names are displayed when using the Insert Domain Users option for the Users tab in the FYI Admin Console.