Summary


This article describes the various methods for managing authentication to the InfoBurst Platform.



Windows Authentication


Windows Authentication allows a user to sign in automatically based on the user's NTUser information.


NTUser


Ensure each InfoBurst user has the proper NTUser defined in their user profile prior to enabling Windows Authentication.


Enable Windows Authentication
  • Open System > Configuration > Authentication
  • Select AuthMode
  • Set value to Windows
  • Select Save
  • Re-start the InfoBurstPlatform service

Disable Windows Authentication


Windows Authentication can be disabled via the user interface by following the steps above to set AuthMode to InfoBurst. If user interface access is not possible due to a configuration issue with Windows Authentication, then follow these steps to disable Windows Authentication using IBConfig.

  • Open a command prompt (Run as administrator)
  • Change directory to the application root folder (default = C:\Program Files (x86)\InfoSol\InfoBurstPlatform)
  • Enter IBConfig AuthMode AuthIB
  • Enter IBConfig to confirm the change
  • Restart the InfoBurstPlatform service



Active Directory Synchronization

Use Active Directory Group Synchronization to synchronize one or more Active Directory groups when using Windows Authentication.
  • Users from a synced AD group become InfoBurst users
  • Synced AD users are added to InfoBurst group equivalent to their AD group
  • Email and NTUser user account attributes are updated from AD
  • Password, Email and NTUser attributes are lokced for AD-synced user accounts
  • AD-synced user accounts cannot be deleted
  • AD-synced user is automatically disabled when corresponding AD user is disabled or deleted

Recommendations
The following prerequisites must be fulfilled prior to using Active Directory Synchronization:
  • Windows Authentication must be enabled (see above)
  • Server hosting the InfoBurst Platform must be on the AD domain
  • Windows account assigned to run the InfoBurst service must have access to AD (see Installation > Post-Installation > Service Account)
  • A server backup should be performed prior to enabling Active Directory Synchronization

Add an AD Group
  • Open System > Configuration > Authentication
  • Select ADSyncGroup
  • Enter one or more AD groups (DOMAIN\Group) separated with a semicolon
  • Select the Save button



Authentication Data Source

Use Authentication Data Source (ADS) to manage users from a tabular Data Source (Database Query, Excel File List, or MultiColumn List).
  • User from ADS is automatically added to InfoBurst upon first authentication attempt
  • Password, email address, and NTUser details are automatically updated in InfoBurst
  • ADS can be used to manage InfoBurst Portal users, dashboard consumers, and users of the main InfoBurst user interface
  • User is automatically disabled or deleted based on ADS status
  • Manage mobile dashboard consumers where Windows Authentication is not feasible and Windows Authentication is enabled

Data Source Requirements


The data source may contain the following columns:


RequiredOptional
USER
ROLE
PASSWORD
GROUP
GROUPDESC
EMAIL
NTUSER
STATUS
FOLDER
FOLDERACL
SSO


Use FOLDER if requirement is to create a new folder:

  • Folder path example: \Sales\Region-A
  • InfoBurst Portal folder path syntax: \$PORTAL\Sales\Region-A

Use FOLDERACL to set group access on new folder. Default ACL is READ. Set WRITE for modify access.


Use the following aliases to define user roles in the data source:


RoleAlias
Administratoradministrator
Operatoroperator
Project Managerprojectmanager
Team Memberteammember
Report Consumerreportconsumer
Dashboard Consumerdashboardconsumer



Create the Authentication Data Source


Create a Database Query, Excel File List, or MultiColumn List data source.



Apply the Authentication Data Source
  • Open System > Configuration > Authentication
  • Select IBAuthSource
  • Select the Change button and select a Data Source
  • Select Save the save button


Disable a User


To disable an ADS user, set the STATUS column to disabled.


Delete a User


To delete an ADS user, delete the user record from the data source. If the user owns objects in InfoBurst, then the InfoBurst user will be disabled until the objects are migrated to another user or deleted.



Dashboard Connectors

With Windows Authentication enabled, the standard InfoBurst web service port (8551) requires the authenticating user be on a Windows platform. Mobile Authentication makes standard InfoBurst authentication available over port 8552. The dashboard connector or Connection Manager must be configured for Mobile Authentication:
  • Select Mobile Authentication 
  • Server:Port: <IB_SERVER>:8552


1119_001.png



See Also


Users

Groups