Set authentication methods
Users have to authenticate themselves at different points in the IQ4docs system (e.g. on the device (Embedded Client) or in the WebClient).
You can set which authentication options should be offered. To do so, proceed as follows.

To open the web administration, enter http://<hostname>/webadmin in the web browser (where hostname corresponds to the server on which IQ4docs WebAdmin was installed).

In the web administration, click Authentication in the menu.

Select here which login options should be offered to the user on the device and in applications (e.g. WebClient). Options that have not been activated are not visible to the user.

Specify which authentication method is used and displayed by default, for example, when a user comes to the device. The selected option is always displayed; it is automatically activated in the login options below, and this activation cannot be changed.
When Single Sign On (Windows login) is active, the default authentication method has no relevance and is only used if Windows automatic authentication fails.

Specify which authentication methods should be available for the Embedded Client (on the device) and the WebClient.
Field | Description |
---|---|
Credentials | With this option the user can log in with a login name and password (stored in the user data record). If the option Use AD Authentication is activated, the system first checks against the Active Directory and then against the login credentials stored in the user data record. If one of the two checks succeeds, the device is enabled. |
Pin code | If this option is activated, the user can log in by entering their personal PIN. If the option is disabled, the login option is not visible. If this option is enabled, the RFID Card and PIN option is automatically disabled. A PIN can be generated automatically and sent to the user, or requested by the users themselves, see Using Pin Codes. |
Windows (Single Sign On) | With the Windows option, the login to the WebClient is done automatically by Windows; users do not need to authenticate themselves manually, see also Automatic Windows Authentication. |
RFID Card | If the device is equipped with a card reader, authentication on the device can be done by holding the card in front of the card reader (card login is not possible for applications). A dialog on the device shows the device, with the position of the card reader marked by an arrow (if this dialog is not displayed, card login is not possible). If this option is enabled, the RFID Card and PIN option is automatically disabled, see also Using Access Cards. |
RFID Card and pin code | This option increases the security of the login by combining the login methods RFID card and PIN. To log in, the card must be presented first. The user's PIN is then requested. If this option is activated, the separate RFID Card and Pin code options are automatically deactivated. If you use this method as the default authentication method, the RFID dialog is displayed on the device. |

Enable Active Directory Authentication if authentication against the Active Directory should also take place. A check against the credentials in the user data record always takes place, even if the check against the AD fails.
- This requires the authentication service to be run under a domain user that belongs to the domain against which the check is to be made. This domain user must be added to the IIS_IUSRS group.
- This user needs read and write access to the Logs directory.

Proceed as follows to change the permission for the application pools.
- Open the IIS Manager.
- Open the application pools via the Connections tree view.
- Select the desired application pool with a left click and in the Actions area, click Advanced Settings.
- For the Identity setting, click ... at the end of the line.
- Under Custom account, click Set..., specify the desired user and password, and save the settings.
- Then restart the application pool: in the Actions area for the application pool, click Stop and then click Start again (do not use Recycle).
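
The same steps (group membership, Logs permission, pool identity, stop and start) can be scripted and verified from an elevated PowerShell session. This is an added example, not part of the IQ4docs documentation; the pool name and Logs path are placeholders, and the script assumes the WebAdministration and LocalAccounts modules that ship with Windows Server.

```powershell
#Requires -RunAsAdministrator
# Added example. The two values below are placeholders: this page does not
# name the application pool or the Logs path, so take them from your installation.
Import-Module WebAdministration

$PoolName = '<application pool name>'
$LogsPath = '<path to Logs directory>'

# Prompt for the domain user (DOMAIN\user) so the password never appears
# on the command line or in the shell history.
$Cred    = Get-Credential -Message 'Domain user for the authentication service'
$Account = $Cred.UserName

# 1. The domain user must be a member of the local IIS_IUSRS group.
if (-not (Get-LocalGroupMember -Group 'IIS_IUSRS' -Member $Account -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'IIS_IUSRS' -Member $Account
}

# 2. Grant read and write on the Logs directory only, inherited by its
#    files and subfolders. No broader rights are handed out.
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account, 'Read,Write', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl = Get-Acl -Path $LogsPath
$Acl.AddAccessRule($Rule)
Set-Acl -Path $LogsPath -AclObject $Acl

# 3. Run the pool under the custom account (identityType 3 = SpecificUser).
Set-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel -Value @{
    identityType = 3
    userName     = $Account
    password     = $Cred.GetNetworkCredential().Password
}

# 4. Stop the pool, wait until it has fully stopped, then start it.
#    This is a real stop/start, not a recycle.
if ((Get-WebAppPoolState -Name $PoolName).Value -ne 'Stopped') {
    Stop-WebAppPool -Name $PoolName
}
while ((Get-WebAppPoolState -Name $PoolName).Value -ne 'Stopped') {
    Start-Sleep -Milliseconds 500
}
Start-WebAppPool -Name $PoolName

# 5. Verify the result: identity in use and pool state.
$Pool = Get-Item -Path "IIS:\AppPools\$PoolName"
[pscustomobject]@{
    Pool     = $PoolName
    Identity = $Pool.processModel.userName
    State    = $Pool.state
}
```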

If you want functions that do not necessarily require a login (e.g. copying, if no billing is to take place) to be accessible without user authentication, use the Anonymous Authentication of the device. Set this on the device, see Device List.