Portal Authentication

Modified on Fri, 14 Feb at 12:07 PM

TABLE OF CONTENTS


Introduction

Portal authentication is a network access control method that requires users to authenticate themselves through a web-based portal before gaining access to the internet or specific network resources. ManagementStudio has an inbuilt portal authentication feature that helps prevent unauthorized access to data. This allows administrators to control who accesses the data/information and monitor user activity. 


How Portal Authentication Works

The portal authentication process displays a login page where the user must enter credentials (such as a username and password, an access code). Once the user submits their information, the credentials are verified against an authentication server. If the credentials are valid, the user is granted access. If the credentials are invalid, the user is denied access or asked to re-enter their information. After successful authentication, the user is granted access.


Accessing the Portal Authentication Rule Editor

  • Switch to Administration -> Portal Settings (1)
  • Click on either New Wrapper (2) or on an existing Wrapper (3)
  • In the window scroll down to the Authentication panel (4)
  • Click New (5)


Portal Authentication Rule Layout


UI ElementsDescription
Rule LabelThe label that will be shown in the drop down menu for selecting the Authentication.
This page requires authenticationThe User is required to be logged into ManagementStudio/AD/Azure to view this page. If Authentication is not enabled, then anyone with the Url of this page can view its content.
Show HelpProvide more information on each of the configurations.
Authentication Levels
Grid User with AD/Azure LoginThese are users who are part of AD and/or Azure, but are required to be in the User Migrations Grid.
ManagementStudio LoginThese are ManagementStudio account holders.
AD Or Azure LoginThese are users who are part of AD and/or Azure, but not necessarily in the User Migrations Grid.
Authentication Types
Native MS AuthUses ManagementStudio Username/Password to authenticate.
Local AD AuthUses local AD Domain to authenticate.
Azure AD AuthUses configured Azure Domain to authenticate.
One-Time-PassAn automatically generated numeric code used to authenticate. NB this can only be configured against Users in the grid and Domain users. The email address of the end-user needs to be found in the system.



Multiple Auth Levels are NOT supported, please only check items of the same level (on the same row)


Configuration Settings


Authentication LevelAuthentication Rule SelectedAuthentication Options Displayed
Grid User with AD/Azure Login
  • Local AD Auth
  • Azure AD Auth
  • One-Time-Passcode
ManagementStudio Login
  • Local AD Auth
  • Azure AD Auth
  • Native MS Auth
AD Or Azure Login
  • Local AD Auth
  • Azure AD Auth


Creating a Portal Authentication Rule

  • Switch to Administration -> Portal Settings (1)
  • Click on either New Wrapper (2) or on an existing Wrapper (3)
  • In the window scroll down to the Authentication panel (4)
  • Click New (5)



  • The Portal authentication rule editor will appear similar to the below



  • Enter a meaningful name for the authentication rule (1)
  • Enable the checkbox 'This page requires authentication' (2)
  • Select the required Authentication Type and Authentication levels (3)
  • Further restrictions to the Authentication rules can be added based on the following:
    • Blueprint Id
    • Blueprint FolderId
    • DeployUnit Id 
    • Role Group Id


Please see table below on the restrictions and the Authentication type it uses.


  • If this is required, Click on 'Click here to add new item' (4)
  • Click Save (5) to commit the changes


RestrictionsAuthentication Type
Role GroupManagementStudio Login 
Blueprint/Deployment Unit (DU)User Grid w/AD or Azure Login


Editing the Content of the Authentication Page


These login pages are editable via the authentication portion of the wrapper. Almost everything on that page can be editable.

  • Switch to Administration -> Portal Settings 
  • Click on either New Wrapper  or on an existing Wrapper
  • In the window scroll down to the Authentication panel 
  • Click New or Edit to edit an existing rule
  • Scroll to the 'Customise the Multi-Auth Log in Page' panel


UI ElementDescription
Header BlockHTML Content to display at the top of the page.
SubHeader BlockHTML Content to display at the top of the page as a sub header.
Footer BlockHTML Content to display at the bottom of the page.
Disable the 'Authentication required. Please choose from the authentication options below' messageDisables the message that appears beneath the SubHeader Block:
"Authentication Required. Please choose from one of the authentication options below."
Native Auth Block
Overwrite the message displayed when the ManagementStudio authentication type (MS Native Auth) is selected.
Native Auth Button Label The text displayed in the login button when ManagementStudio authentication is selected.
AD Auth BlockOverwrite the message displayed when the AD authentication (Local AD Auth) type is selected.

AD Auth Button LabelThe text displayed in the login button when Windows authentication is selected.
Azure Auth BlockOverwrite the message displayed when the Azure authentication type (Azure AD Auth) is selected.

Azure Auth Button LabelThe text displayed in the login button when Azure AD authentication is selected.
OTP Auth BlockOverwrite the message displayed when the OTP authentication type (One-Time-Pass) is selected.

OTP Auth Button LabelThe text displayed in the login button when OTP authentication is selected.
Allow Users to without access to sign-up and request access
Sign-Up Portal Form IdThe ID of the custom Portal Form that is used to request access to the page (this needs to be created in advance).
Sign-Up BlockA description or instructions for users when offering a custom sign-up page.
Sign-Up Button LabelText to display on the sign-up button.




Setting up Windows/Azure Authentication

In order to enable windows authentication, you must install the windows authentication role service, and then enable Windows authentication for the ManagementStudio website. Please refer to this article on how to set this up.









Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.