Summary

This article describes the various methods for managing authentication to InfoBurst.


InfoBurst

This is the default authentication mode and requires username and password.


Windows

Windows authentication allows a user to sign in automatically based on the user's NTUser information.


NTUser

Ensure each InfoBurst user has the proper NTUser defined in their user profile prior to enabling Windows Authentication.


Enable Windows Authentication
  • Open System > Configuration > Authentication
  • Select AuthMode
  • Set value to Windows
  • Select Save
  • Re-start the InfoBurstPlatform service


Disable Windows Authentication

Windows authentication can be disabled via the user interface by following the steps above to set AuthMode to InfoBurst. If user interface access is not possible due to a configuration issue with Windows Authentication, then follow these steps to disable Windows Authentication using IBConfig.

  • Open a command prompt (Run as administrator)
  • Change directory to the application root folder (default = C:\Program Files\InfoSol\InfoBurst)
  • Enter IBConfig AuthMode AuthIB
  • Enter IBConfig to confirm the change
  • Restart the InfoBurstPlatform service


Active Directory Synchronization

When using Windows authentication, optionally use Active Directory Synchronization (ADSync) to synchronize one or more Active Directory groups.


How It Works

  • Users from a synced AD group become InfoBurst users
  • Synced AD users are added to InfoBurst group equivalent to their AD group
  • Email and NTUser user account attributes are updated from AD
  • Password, Email and NTUser attributes are lokced for AD-synced user accounts
  • AD-synced user accounts cannot be deleted
  • AD-synced user is automatically disabled when corresponding AD user is disabled
  • AD-synced user is automatically deleted when corresponding AD user is deleted if the user does not own objects
  • AD-synced group Role is Team Member by default

Recommendations

The following prerequisites must be fulfilled prior to using ADSync:
  • Windows Authentication must be enabled (see above)
  • Server hosting the InfoBurst Platform must be on the AD domain
  • Windows account assigned to run the InfoBurst service must have access to AD
  • A server backup should be performed prior to enabling Active Directory Synchronization

Add an AD Group
  • Open System > Configuration > Authentication
  • Select ADSyncGroup
  • Enter one or more AD groups (DOMAIN\Group) separated with a semicolon
  • Select the Save button


Open ID Authentication

Open ID authentication allows a user to sign in automatically based on the user's Open ID email address.


Open ID Provider

  • Create Application representing InfoBurst
  • Add Application Redirect URIs:
    • InfoBurst User Interface: Select System > Configuration > Category:Authentication > OpenIDCallbackURI
    • InfoBurst Portal (optional): Select System > Configuration > Category:Authentication > OpenIDPortalCallbackURI
  • Obtain Client ID, Client Secret, and Open ID provider URL


InfoBurst

  • Create user(s) where Email matches Open ID email address
  • Add to System > Configuration > Category:Authentication:
    • OIDCClientID: Open ID Client ID
    • OIDCClientSecret: Open ID Client Secret
    • OIDCUrl: Open ID provider URL
  •  Enable Open ID authentication:
    • Select System > Configuration > Category:Authentication > AuthMode
    • Select Value > Open ID
    • Select Save
    • Restart the InfoBurst service

How It Works

InfoBurst user browses to InfoBurst user interface or Portal URL. If the user is authenticated to the Open ID provider, then the user will be automatically signed into InfoBurst. If user is not authenticated to the Open ID provider, then user will be redirected to Open ID provider where the user authenticates and is then logged signed into InfoBurst.

Authentication Data Source

Use Authentication Data Source (ADS) to manage users from a tabular Data Source (Database Query, Excel File List, or MultiColumn List).
  • User from ADS is automatically added to InfoBurst upon first authentication attempt
  • Password, email address, and NTUser details are automatically updated in InfoBurst
  • ADS can be used to manage InfoBurst Portal users, dashboard consumers, and users of the main InfoBurst user interface
  • User is automatically disabled or deleted based on ADS status
  • Manage mobile dashboard consumers where Windows Authentication is not feasible and Windows Authentication is enabled

Data Source Requirements

The data source may contain the following columns:


RequiredOptional
USER
ROLE		PASSWORD
GROUP
GROUPDESC
EMAIL
NTUSER
STATUS
FOLDER
FOLDERACL
SSO


Use FOLDER if requirement is to create a new folder:

  • Folder path example: \Sales\Region-A
  • InfoBurst Portal folder path syntax: \$PORTAL\Sales\Region-A

Use FOLDERACL to set group access on new folder. Default ACL is READ. Set WRITE for modify access.


Use the following aliases to define user roles in the data source:


RoleAlias
Administratoradministrator
Operatoroperator
Project Managerprojectmanager
Team Memberteammember
Report Consumerreportconsumer
Dashboard Consumerdashboardconsumer


Create Authentication Data Source

Create a Database Query, Excel File List, or MultiColumn List data source.


Apply Authentication Data Source
  • Open System > Configuration > Authentication
  • Select IBAuthSource
  • Select the Change button and select a Data Source
  • Select Save the save button


Disable User

To disable an ADS user, set the STATUS column to disabled.


Delete User

To delete an ADS user, delete the user record from the data source. If the user owns objects in InfoBurst, then the InfoBurst user will be disabled until the objects are migrated to another user or deleted.


Squirrel365 Connections

Squirrel currently supports only InfoBurst authentication when using a connection to InfoBurst. If the InfoBurst authentication mode is set to Windows, then the InfoBurst connection in Squirrel must use port 8552 (example: http://<SERVER>:8552).

See Also

Users

Groups