Configure authentication routes (7.1.0)

To learn about configuring authentication routes for ThoughtFarmer version 7.1.1, please see How to set up login providers (7.1.1).

ThoughtFarmer supports mixed authentication methods. This is configured by mapping particular access URLs to an authentication type. Configuration can be changed through the Administration panel: Authentication section > Authentication Types page.

By default "All undefined hosts" is mapped to Windows authentication. To change this, click the gear icon under the Action column, select Edit from the menu that appears, and adjust the settings as desired.

To add a new authentication route you will need to add:

Host Name: The specific URL that ThoughtFarmer will use to direct the authentication mechanism. This can be a host header, server name, or IP address.

Authentication Type: ThoughtFarmer supports the following authentication types:

Windows: Users are presented with a pop-up login prompt using Integrated Windows Authentication. For Internet Explorer users on your local area network, this allows single sign-on to work, and no login prompt is presented.
Forms: Users are presented with a customizable login page. Users have the option to check the "Stay signed in" button so that they are not presented with the login page the next time they access the site. The number of days this is in effect can be modified on the Administration panel: Authentication section > Settings page.
Forms (session only): This is the same as Forms authentication except there is no "Stay signed in" option. Users are presented with the login screen every time they re-open their browser and access the site.
Cosign: Cosign is a third-party authentication mechanism that is supported by ThoughtFarmer. If you have Cosign installed, you can assign this value to your access URLs.

For Forms authentication, the user's domain does not need to be supplied. ThoughtFarmer automatically checks the username against the local server, the synced AD domain, and any additional domains added to the comma-delimited list found under Authentication Domains on the Administration panel: Authentication section > Settings page.

Customizable authentication by IP address

When the authentication type Forms (session only) is used, users must log in to the intranet every time they re-open their browser and access the site. If it would be advantageous for users to be able to stay signed in when at certain locations only (such as at the office), this can be accomplished with authentication by IP address. To allow the "Stay signed in" option for users at certain locations:
  1. Forms authentication must be enabled (see above).
  2. Go to the Administration panel: Authentication section > Settings page.
  3. Scroll down to the General authentication settings section.
  4. Under the "Stay signed in" heading, select the checkbox "Allow the intranet to remember a user's computer and keep the user signed in when they return."
  5. In the "Remember the user for XX days" option, enter the number of days a user may stay signed in.
  6. Click Add beside "Only remember users from the following IP ranges". The "Edit rules" dialog will appear.
  7. Enter the IP ranges where you want to allow users to stay signed in. To add multiple IP ranges, click Add new range. To delete an IP range, click the trashcan icon.
  8. Click Done.
  9. Click Save changes at the bottom of the page.
Now only users accessing the intranet from the allowed IP ranges will be able to choose to stay signed in. If users access the intranet from other locations, they will be required to sign in every time they access it.
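
An added example, not ThoughtFarmer's own code: a Python pre-check for an allow-list planned for the "Only remember users from the following IP ranges" rule, which flags overlapping or very broad ranges and shows which client addresses would be offered "Stay signed in". It assumes IPv4 ranges written as `start-end`; the dialog's actual input format, the function names and the 65,536-address review threshold are assumptions, and the sample addresses are constructed.

```python
import ipaddress

MAX_RANGE_SIZE = 65536  # assumed review threshold, not a ThoughtFarmer limit


def parse_range(text):
    """Parse 'start-end' (or a single address) into an inclusive IPv4 pair."""
    first, _, last = text.partition("-")
    start = ipaddress.IPv4Address(first.strip())
    end = ipaddress.IPv4Address((last or first).strip())
    if start > end:
        raise ValueError(f"range start is after range end: {text!r}")
    return start, end


def review_ranges(texts):
    """Return (sorted ranges, warnings) for a planned allow-list."""
    ranges = sorted(parse_range(t) for t in texts)
    warnings = []
    widest = None  # range seen so far that reaches the highest address
    for start, end in ranges:
        size = int(end) - int(start) + 1
        if size > MAX_RANGE_SIZE:
            warnings.append(f"{start}-{end} covers {size} addresses")
        if widest and start <= widest[1]:
            warnings.append(f"{widest[0]}-{widest[1]} overlaps {start}-{end}")
        if widest is None or end > widest[1]:
            widest = (start, end)
    return ranges, warnings


def may_stay_signed_in(client_ip, ranges):
    """True if the client address falls inside any allowed range."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(start <= ip <= end for start, end in ranges)


# Constructed sample input: planned office ranges and test client addresses.
PLANNED = ["10.20.0.0-10.20.3.255", "10.20.3.0-10.20.4.255", "192.168.50.10"]
CLIENTS = ["10.20.1.15", "192.168.50.10", "192.168.50.11", "203.0.113.7"]

if __name__ == "__main__":
    ranges, warnings = review_ranges(PLANNED)
    for w in warnings:
        print("warning:", w)
    for c in CLIENTS:
        offered = may_stay_signed_in(c, ranges)
        print(c, "stay signed in offered" if offered else "sign in every time")
```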