Setting User Account Authentication for the Web Client

User authentication refers to the process of verifying that a particular user is authorized to use the Web Client. User authentication requires a user account name and password. A person must have an active InterAction user account to use the Web Client. Non-InterAction users cannot connect to the Web Client.

This section covers the following topics:

  • Web Client Login Page
  • Skipping the Web Client Login Page
  • Web Client Sessions
  • Trusted Clients on the Application Server
  • Security and Authentication for the Application Server

Web Client Login Page

Web Client users can enter their InterAction account information in a login page. A login page for the Web Client is included in the standard installation.

Login Page Included with Web Client that Collects InterAction User Account Information

Skipping the Web Client Login Page

Note: You must have InterAction user account names that match the users network account names to skip the Web Client login page.

The Web Client supports NTLM authentication.

NTLM authentication provides the Web server with information about the currently logged-in Windows account. The Web Client can then use that account information to authenticate the user without displaying the login page. This is especially useful if you are integrating Web Client pages or nuggets into your intranet or portal.

To use NTLM authentication to bypass the Web Client login page, you must configure your IIS Web server appropriately. This includes the following:

  • Turn off the Anonymous Access option for IIS.
  • Turn on the NTLM authentication option.

For detailed instructions, see “Configure IIS to Use NTLM Authentication,” later.

Note: Skipping the login page in the Web Client is not in any way related to the Password not required in the Windows Client when logged onto the network check box in InterAction Administrator.

Configure IIS to User NTLM Authentication

  1. On your Web server, choose Start > Control Panel Administrative Tools > Internet Information Services (IIS) Manager or Internet Information Services.

  2. From within Internet Information Services (IIS) Manager, double-click on the Web site level in the directory tree.

  3. Select Authentication in the main window under IIS.

  4. Right-click on Windows Authentication and choose Enable.

  5. Right-click on Anonymous Authentication and choose Disable.

    This enables NTLM authentication on the Default Web Site.

Configure Web Client to Skip the Login Page

  1. Configure IIS to use NTLM authentication.

  2. Open InterAction Administrator.

  3. On the main window of InterAction Administrator, double-click User Account and Group Configuration in the entity list.

  4. Choose Security.

  5. On the Security Settings dialog box, specify the NT domain(s) for the user workstations in the Domain text box.

    A user must be in one of the specified domains to bypass the Web Client login page.

    You can specify multiple domains by separating them with semi-colons (;) in the list.

  6. Choose OK to save your changes and close the dialog box.

Note: If users are still presented with the login page after performing these steps, open the InterAction.cfg file, and make sure the loginRequired setting is set to False and save and close the file. This is the default setting. For more information about the InterAction.cfg file, see Configure & Start IA App Server.

Entering the NT domain(s) in the Security Settings Dialog Box

 

Web Client Sessions

When a user connects to the Web Client and successfully logs in, the Web Client begins a new session. This occurs regardless of how the Web Client validated or authenticated the user. Once the user has established a session, he or she can access data without needing to provide an account or password again.

A session eventually times out if there is no activity from the user. After the session times out, the user must be re-validated before he or she can access any more information.

Trusted Clients on the Application Server

A user working on the workstation with Application Server installed can access Application Server methods without providing a password. This is because the Application Server is considered a trusted client. A user on a trusted client only needs to provide an account name; it does not authenticate the password.

For example, when you enter the URL for a page from a different machine, the Web Client redirects you to the login dialog box to collect the account and password. If you enter the same URL from a trusted client and include an account name, the Web Client displays the page without requiring a password.

Therefore, be sure to keep the physical Application Server secure.

Security and Authentication for the Application Server

The Application Server is used for several other features in InterAction beyond the Web Client. Connectivity to the Application Server must be set up for all of the following:

  • User to Firm Contact Sync
  • Folder Dependency Analyzer
  • Data Change Management
  • InterAction for Microsoft Outlook

The user validation option you choose for the Web Client also affects these features. For these items to run without error, you must be able to access the InterAction Web Client without being prompted for authentication by Windows or IIS. (Usually indicated by a login box containing User Name, Password, and Domain Name.) If you are prompted for such a login when attempting to access the InterAction Web Client from the Process Manager system, you may need to set up NTLM authentication.