Portal Authentication

Modified on Tue, 4 Feb at 6:35 PM

TABLE OF CONTENTS


Introduction

Portal authentication is a network access control method that requires users to authenticate themselves through a web-based portal before gaining access to the internet or specific network resources. ManagementStudio has an inbuilt portal authentication feature that helps prevent unauthorized access to data. This allows administrators to control who accesses the data/information and monitor user activity. 


How Portal Authentication Works

The portal authentication process displays a login page where the user must enter credentials (such as a username and password, an access code). Once the user submits their information, the credentials are verified against an authentication server. If the credentials are valid, the user is granted access. If the credentials are invalid, the user is denied access or asked to re-enter their information. After successful authentication, the user is granted access.


Accessing the Portal Authentication Rule Editor

  • Switch to Administration -> Portal Settings (1)
  • Click on either New Wrapper (2) or on an existing Wrapper (3)
  • In the window scroll down to the Authentication panel (4)
  • Click New (5)


Portal Authentication Rule Layout


UI ElementsDescription
Rule LabelThe label that will be shown in the drop down menu for selecting the Authentication.
This page requires authenticationThe User is required to be logged into ManagementStudio/AD/Azure to view this page. If Authentication is not enabled, then anyone with the Url of this page can view its content.
Show HelpProvide more information on each of the configurations.
Authentication Levels
Grid User with AD/Azure LoginThese are users who are part of AD and/or Azure, but are required to be in the User Migrations Grid.
ManagementStudio LoginThese are ManagementStudio account holders.
AD Or Azure LoginThese are users who are part of AD and/or Azure, but not necessarily in the User Migrations Grid.
Authentication Types
Native MS AuthUses ManagementStudio Username/Password to authenticate.
Local AD AuthUses local AD Domain to authenticate.
Azure AD AuthUses configured Azure Domain to authenticate.
One-Time-PassAn automatically generated numeric code used to authenticate. NB this can only be configured against Users in the grid and Domain users. The email address of the end-user needs to be found in the system.



Multiple Auth Levels are NOT supported, please only check items of the same level (on the same row)


Configuration Settings


Authentication LevelAuthentication Rule SelectedAuthentication Options Displayed
Grid User with AD/Azure Login
  • Local AD Auth
  • Azure AD Auth
  • One-Time-Passcode
ManagementStudio Login
  • Local AD Auth
  • Azure AD Auth
  • Native MS Auth
AD Or Azure Login
  • Local AD Auth
  • Azure AD Auth


Creating a Portal Authentication Rule

  • Switch to Administration -> Portal Settings (1)
  • Click on either New Wrapper (2) or on an existing Wrapper (3)
  • In the window scroll down to the Authentication panel (4)
  • Click New (5)



  • The Portal authentication rule editor will appear similar to the below



  • Enter a meaningful name for the authentication rule (1)
  • Enable the checkbox 'This page requires authentication' (2)
  • Select the required Authentication Type and Authentication levels (3)
  • Further restrictions to the Authentication rules can be added based on the following:
    • Blueprint Id
    • Blueprint FolderId
    • DeployUnit Id 
    • Role Group Id


Please see table below on the restrictions and the Authentication type it uses.


  • If this is required, Click on 'Click here to add new item' (4)
  • Click Save (5) to commit the changes


RestrictionsAuthentication Type
Role GroupManagementStudio Login 
Blueprint/Deployment Unit (DU)User Grid w/AD or Azure Login


Editing the Content of the Authentication Page


These login pages are editable via the authentication portion of the wrapper. Almost everything on that page can be editable.

  • Switch to Administration -> Portal Settings 
  • Click on either New Wrapper  or on an existing Wrapper
  • In the window scroll down to the Authentication panel 
  • Click New or Edit to edit an existing rule
  • Scroll to the 'Customise the Multi-Auth Log in Page' panel


UI ElementDescription
Header BlockHTML Content to display at the top of the page.
SubHeader BlockHTML Content to display at the top of the page as a sub header.
Footer BlockHTML Content to display at the bottom of the page.
Disable the 'Authentication required. Please choose from the authentication options below' messageDisables message on the page.
Native Auth Block

Native Auth Button Label 
Windows Auth Block
Windows Auth Button Label
Azure Auth Block
Azure Auth Button Label
OTP Auth Block
OTP Auth Button Label
Allow Users to without access to sign-up and request access
Sign-Up Portal Form Id
Sign-Up Block
Sign-Up Button LabelText to display on the sign-up button.




Setting up Windows/Azure Authentication

In order to enable windows authentication, you must install the windows authentication role service, and then enable Windows authentication for the ManagementStudio website. Please refer to this article on how to set this up.









Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.