Authentication
versaSRS supports several Authentication methods including Forms, Windows, Microsoft Azure AD, and Active Directory Federation Services (ADFS). The Forms method also allows for Multi-factor Authentication (MFA) to be enabled as an additional security measure.
Forms / Windows
Enabling Forms or Windows Authentication is done via Microsoft Internet Information Services (IIS) Manager. The following steps outline how this can be configured.
- Open Internet Information Services (IIS) Manager on the server hosting versaSRS.
- Click on the versaSRS website and double-click Authentication.
- For Windows Authentication, enable the Windows Authentication status and disable the Forms Authentication status.
- For Forms Authentication, enable the Forms Authentication status and disable the Windows Authentication status.
- If Forms Authentication is in use, you will need to confirm that the Global Setting EnableFormsLogon is set to Enabled.
- If you wish to enable MFA, see the Multi-Factor Authentication section below.
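The end state of the steps above can be checked from PowerShell on the IIS server. This is an added example, not part of the versaSRS documentation; it assumes the IIS site is named `versaSRS` (a hypothetical name) and that the WebAdministration module is available.

```powershell
# Added example: report which authentication mode IIS presents for versaSRS.
# Assumption: the IIS site is named 'versaSRS'; set $Site to match your server.
Import-Module WebAdministration

$Site   = 'versaSRS'            # hypothetical site name
$PSPath = "IIS:\Sites\$Site"    # effective configuration for the site

# Windows Authentication is an IIS setting under system.webServer.
$windows = (Get-WebConfigurationProperty -PSPath $PSPath `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name 'enabled').Value

# Forms Authentication is an ASP.NET setting: <authentication mode="Forms">
# in the site's Web.config. Any other mode means Forms is disabled.
$mode  = (Get-WebConfiguration -PSPath $PSPath `
    -Filter 'system.web/authentication').mode
$forms = ($mode -eq 'Forms')

# Exactly one of the two should be enabled, per the steps above.
$finding = if ($windows -and $forms) {
    'Both Windows and Forms are enabled: disable the one not in use.'
} elseif (-not $windows -and -not $forms) {
    'Neither Windows nor Forms is enabled in IIS.'
} elseif ($forms) {
    'Forms only: confirm the Global Setting EnableFormsLogon is Enabled.'
} else {
    'Windows only: EnforceMFA is documented for Forms authentication.'
}

[pscustomobject]@{
    Site                  = $Site
    WindowsAuthentication = [bool]$windows
    FormsAuthentication   = $forms
    Finding               = $finding
}
```

The script only reads configuration. EnableFormsLogon is a versaSRS Global Setting and still has to be confirmed inside the application.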
Azure
Three properties (denoted by * in the table below) must be defined within the Global Settings to enable Azure Active Directory login. Once all three properties are configured, the Authentication mode for versaSRS will be based on Azure AD. There is also an optional additional setting for a secret key.
Global Setting | Definition |
---|---|
AzureADInstance * | Defines the Azure AD Instance. If the "AzureClientID", "AzureTenantID" and "AzureADInstance" properties are all set, the authentication mode will be based on Azure AD. |
AzureClientID * | Defines the Azure ClientID |
AzureSecretKey | Defines the Azure Application Secret Key. This property is optional; however, if it is set in Azure, it needs to be input here to allow authentication against Azure AD. |
AzureTenantID * | Defines the Azure TenantID |
Active Directory Federation Services
To authenticate to versaSRS using ADFS, the ADFS Federation Data must be specified in the versaSRS Web.config file.
The URL of the federation data .xml file goes into the ADFSMetaData application setting. The versaSRSURL will also need to be specified in the Global Settings.
NOTE: The User will be authenticated by either their Username or their Alias Username, which is accessed by clicking the Alias icon.
Multi-Factor Authentication
When the Authentication method is set to Forms, Multi-Factor Authentication can be enabled by configuring the following Global Settings.
Global Setting | Definition |
---|---|
EnforceMFA | Defines whether Multi-Factor Authentication (MFA) is enforced or not when using forms authentication. If this is enforced, Users logging in will get an email with a verification code to authenticate, or need to input the verification code that is shown in their authenticator app, as a secondary way to ensure the login is secure. |
MFANotificationTemplateID | Select from the drop-down list of available Update Templates the one that has been configured for sending out the Multi-Factor Authentication Verification email. The following tags should be used in your template to ensure the correct data is sent to the User: [ACCOUNT_USERFIRSTNAME], [ACCOUNT_USERLASTNAME], [ACCOUNT_USERNAME], [ACCOUNT_USEREMAIL] and [MFA_CODE]. The [MFA_CODE] tag is important and must be included in your template. |
The MFA Method has to be specified in each individual User Profile. There are two MFA methods: Email or an Authenticator App (Google or Microsoft).
NOTE: If MFA is enforced, Users who have their method set to 'Authenticator App' will need to use the email method initially to log in so they can access their profile to scan the QR code, which is done by clicking the QR icon next to the MFA Method field.
Once MFA is enforced, a User who logs on will be presented with a verification screen. They will need to enter the code sent via email or from the Authenticator App to successfully authenticate to versaSRS.