Posted Thu, 06 Sep 2018 17:52:18 GMT by Connie McMahan

Can we force Windows account login and not allow DocuWare account login to the web client?  I found where we can use a different URL with ntlm in it to automatically use the Windows Login, but once logged in, if you logout, you are then able to choose DocuWare account to login.  Is there a way to remove that option?

We have a compliance issue we are trying to resolve.  Our staff are now required to change passwords every 90 days to meet the compliance regulation.  Currently they login with the Windows account login and most don't even know their DocuWare password.  If we could require Windows Login, then we don't need to make them change their DocuWare password.  Otherwise, we'll have to force them to change a password they never use and don't even know, every 90 days.

I guess that leads to another question.  If their DocuWare password expires after 90 days, can they still login using the Windows account, even without changing their DocuWare password?  Or does that password expiration actually lock the account?  That leads to another thought, if we turn on secure passwords, does that then become the only login option, and they cannot use the windows account login?

Posted Thu, 06 Sep 2018 18:11:00 GMT by Phil Robson

Generally the login selected should be kept in a cookie locally, so that the last login type used becomes the default. I you want to use Windows SSO then do not implement DocuWare secure login.
What we can do to stop the users from being able to login using the DocuWare login is to select one user and set the password for that user to something very secure. Once set we can copy the encrypted password to all users in the system. Only the administrator who set the password would know what it is. That way, the unknown password would never expire, the correct password control is implemented through windows and no user except the administrator can login using the DocuWare login.

 

Phil Robson
Senior Director Support Americas

Posted Thu, 06 Sep 2018 18:25:48 GMT by Joe Kaufman

Connie,

I just changed my DocuWare password via the DW Admin tool so that it is different from my Windows password. I was still able to log into DocuWare via Windows Authentication, and then when I used DocuWare authentication I had to use the different password I had just changed to. 

I can't be sure it works the same way when it comes to expiration and password compliance rules, though. Anyone close to expiring that you can test with? It looks to me like WIndows authentication works regardless of the DocuWare login. I have had uses that never logged in with DocuWare authentication and so have never even changed their password away from the original (we do not enforce any rules or expirations, though).

 

Thanks,

Joe Kaufman

Posted Thu, 06 Sep 2018 18:31:44 GMT by Phil Robson

Joe,
Correct. When using SSO DocuWare does not use the DocuWare password. In fact, if you perform an AD synch to bring in users, and specify that DocuWare creates a password for each user, then a 32 characters abitrary password is created. No one, not even the administrator knows what it is because it is machine generated and encrypted. Only an administrator with rights to create users can change that password.

 

Phil Robson
Senior Director Support Americas

Posted Thu, 06 Sep 2018 18:56:12 GMT by Joe Kaufman

Phil,

Thanks for the detailed confirmation on that -- good to know!

 

Thanks,

Joe Kaufman

Posted Thu, 06 Sep 2018 20:36:22 GMT by Connie McMahan

Thank you!

Posted Fri, 07 Sep 2018 04:12:08 GMT by Martin Zebedies

Hey Phil,

one more question at this point.
In my mind, every user who has loged in with windows authentication can change the random set password in the personal settings, or?
Is it possible to deactivate that?

Best regards

Martin

Posted Fri, 07 Sep 2018 10:17:07 GMT by Phil Robson

Martin,
Actually, yes. They could execute a "Lost password" reset.

Phil

You must be signed in to post in this forum.