Logon Settings :

As the name suggests, the 'logon settings' feature of the ADSelfService Plus assists you in configuring the logon page of this application.

• As an Administrator
• As an End-User

Note:

• You - as the administrator - get to decide whether the end-users would be availed with the 'Admin Login' option.
• In any case, it is advisable to prevent the end-users from making use of the 'Admin Login' portal. (By enabling the 'Hide Self-Service Admin Login' option.

Features:

• Logon Settings
• Single Sign-On
• Smartcard Authentication

General

ADSelfService Plus offers control over user logon access rights, CAPTCHA sengs, and more. 

• Admin Logon Settings
• Customize Domain Selection
• Multiple Login Option
• Disclaimer Option
• Login CAPTCHA

Logon settings:

Under the Logon Settings tab, you can:

1. Hide the self-service admin login portal for users.
   • Click (Admin → Customize → Logon Settings)
   • Select Hide Self-Service Admin Login. 
   • Click Save. 
2. Regulate access to the user portal via IP addresses.
   • Click on (Admin → Customize → Logon Settings)
   • Select Allow/Restrict Application access based on IP Addresses
   • Click Configure Now.
   
   • Select Allowed IP Addresses or Restrict IP Addresses.
   • Enter the appropriate IP address range in the available fields.
   • Restrict or allow specific IPs by selecting Add Indiviual IPs.
   • Click Save. 

   Note:

   
   

   If you have changed the proxy settings of ADSelfService Plus then:

   • Add the following line to the server.xml file (Default location: <InstallationDirectory>/conf/server.xml). <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="192\.168\.0\.10|192\.168\.0\.11" trustedProxies="172\.168\.0\.10|176\.168\.0\.11" />
   • Edit the values of internalProxies and trustedProxies as per your environment.
   • Enter IP address while specifying the values for internalProxies and trustedProxies, and use the vertical bar (|) character to enter multiple values.
   • Restart for the changes to take effect.
3. Customize Domain Selection : Customizing the showing list of domains on the user login page.
   • Click (Admin → Customize → Logon Settings)
   • Select Show the Domain Selection Drop Down Menu in the web portal's login page.
   • Select Show the Domain Selection Drop-Down Menu in the mobile app and mobile portal login screen if you want users to select the domain they log in to while logging in via mobile phones.
   • Click  Configure Domain list, and select the domains that will be displayed to users.
   
   • Disable default domain logins by selecting Show 'Select Domain' as default value.
   • Click Save. 
4. Multi Logon Attribute Settings : Enable ADSelfService Plus user login with other unique login attributes. You can allow users to log in to ADSelfService Plus using their mobile number, email, or any Active Directory (AD) attribute which has a unique value in place of their username.
• Click (Admin → Customize → Logon Settings)
• Select Enable other unique attributes to login into the product.
• Click  Select Attribute list . From the displayed drop-down, choose an AD attribute that you want users to use to prove their identity.

• Click Save. 
  Note:

  1. Make sure that the chosen attribute value is unique across the domain (e.g. : sAMAccountName, email or telephoneNumber).
  2. If two users have the same value for any of the log in attribute, both users will not be able to log in.
  3. Attributes that have multiple data types as values, like objectGUID or distinguishedName, cannot be used as a login attribute.
5. Disclaimer option : Show a custom disclaimer before users access ADSelfService Plus' portal.
   • Click (Admin → Customize → Logon Settings)
   • Select Enable User Disclaimer
   • Click  Customize if you want to edit the default user disclaimer. 
   • Click Save. 
   

   Note : Reset disclaimer status for all users option is used to erase users acknowledgement to access ADSelfService Plus' portal.




CAPTCHA settings

This setting displays a CAPTCHA image on the login page as a defense mechanism against bot-based brute-force attacks. End users must enter the text shown in the CAPTCHA image (or for the audio played) in order to log in to the self-service portal. 

Configuring CAPTCHA for logins:

1. Click (Admin → Customize → Logon Settings)
2. Select Show CAPTCHA (Word Verification Image) on Login Page.
   
   

3. Enable captcha for the login pages of admin, domain user, and during password reset and account unlock. 
4. Click the Captcha Settings link to configure whether to show CAPTCHA every time or only after a certain number of invalid login attempts.
• Select Show CAPTCHA after invalid login attempts to enable captcha only after a certain number of invalid login attempts. Enter the number of invalid login attempts allowed and the time (in minutes) that must pass before the invalid login count is reset.
• Select Always show CAPTCHA to display CAPTCHA every time someone tries to login to the product.
5. Select Enable Audio CAPTCHA to offer CAPTCHA for visually impaired users. 
6. Click Save.

Other Settings

1. Choose whether to hide the Help button or the Mobile Access button in the end user portal.
2. Click Save.

   
   

Customizing end-user portal interface

ADSelfService Plus enables you to customize the end-user login page.

Enabling end-user login page customization

1. Go to Admin > Customize > Logon Settings.
2. Select Customize end-user portal interface.
3. Enable HTML customization of end-user login page portal.

You can now customize the end-user login page.

• Navigate to the DomainLogin.html page in the installation folder. (Location: \webapps\adssp\html\DomainLogin.html).
• Make the necessary edits and save it.

Disabling end-user login page customization

1. Go to Admin > Customize > Logon Settings.
2. Select Customize end-user portal interface.
3. Disable HTML customization of end-user login page portal.