Authentication tab

On the Authentication tab of the Properties window, you define whether logging on to CAS genesisWorld using Windows authentication is permitted.

In general, users have multiple options for logging on to CAS genesisWorld:

User accounts are automatically allocated in CAS genesisWorld and Windows if you work with the Active Directory.

The Use Windows authentication button is also displayed on the logon page of the CAS Authentication Server.

If a user clicks the button, the settings defined here on the Authentication tab apply. Thus, users can also log on using their Windows credentials when logging on via the CAS Authentication Server.

For users to be able to log on using their Windows credentials, you need to activate either the Support integrated Windows authentication or the Use Windows logon data option on this tab. In addition, users must have logged on to CAS genesisWorld Web within the company network once before they can use Windows authentication outside the network.

Active Directory

If the Active Directory is used, a mapping of CAS genesisWorld users and Windows users is created via a SID (Security Identifier).

With the settings on the Authentication tab, you can define whether you use the mapping via the SID (Security Identifier) not at all, partly, or entirely.

LDAP access

Users can also log on via a publicly accessible application server without accessing the Active Directory using an LDAP access. This LDAP access is set up for a user account in the Management Console.

In addition to the SID (Security Identifier), a hash value is created from the password of a user of CAS genesisWorld. The hash value is stored in the CAS genesisWorld database.

Users can log on without access to the internal network if they have previously logged on with access to the internal network and the hash value has been saved in the database. If the password has been changed, they need to log on to the network again.

<ntuser>

In the desktop client and CAS genesisWorld Web, you can enter <ntuser> or no value in the user name field to log on using the current Windows user. The current Windows user is identified by the client on the currently used computer. This authentication is stored locally, transferred encrypted via the SID (Security Identifier) when logging on to the client, and checked.

The same as before applies here: Users can log on without access to the internal network if they have previously logged on with access to the internal network and their password has not been changed.
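The logon behavior described above for LDAP access and for <ntuser>, shown as an added Python model (not CAS genesisWorld code): a password hash is stored after a logon inside the network, logon outside the network is checked against that hash, and a changed password requires a new logon inside the network. The class and function names, the PBKDF2 hash, and the sample account are assumptions; the page does not state which hash the product uses.

```python
import hashlib, hmac, os

def _digest(password, salt):
    # Assumed KDF for this sketch; the page does not name the hash used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for Active Directory, reachable only inside the network."""
    def __init__(self):
        self.accounts = {}  # Windows user name -> (SID, password)

    def verify(self, user, password):
        sid, stored = self.accounts.get(user, (None, ""))
        ok = hmac.compare_digest(stored.encode(), password.encode())
        return sid if sid and ok else None

class AppServer:
    """Stand-in for the application server and its database."""
    def __init__(self, sid_to_app_user):
        self.sid_to_app_user = sid_to_app_user  # mapping via the SID
        self.cache = {}  # Windows user name -> (SID, salt, password hash)

    def logon(self, user, password, directory=None):
        if directory is not None:  # inside the network: ask the directory
            sid = directory.verify(user, password)
            if sid is None or sid not in self.sid_to_app_user:
                return None
            salt = os.urandom(16)
            self.cache[user] = (sid, salt, _digest(password, salt))
            return self.sid_to_app_user[sid]
        if user not in self.cache:  # outside, and no hash was ever stored
            return None
        sid, salt, stored = self.cache[user]
        ok = hmac.compare_digest(stored, _digest(password, salt))
        return self.sid_to_app_user.get(sid) if ok else None

def demo():
    sid = "S-1-5-21-1-2-3-1001"  # constructed sample SID
    ad = Directory()
    ad.accounts["jdoe"] = (sid, "Spring!23")  # constructed credentials
    srv = AppServer({sid: "John Doe"})
    out = [srv.logon("jdoe", "Spring!23")]          # outside, no hash yet
    out.append(srv.logon("jdoe", "Spring!23", ad))  # inside the network
    out.append(srv.logon("jdoe", "Spring!23"))      # outside, hash stored
    ad.accounts["jdoe"] = (sid, "Summer!23")        # password changed
    out.append(srv.logon("jdoe", "Summer!23"))      # outside, hash is stale
    out.append(srv.logon("jdoe", "Summer!23", ad))  # inside again
    out.append(srv.logon("jdoe", "Summer!23"))      # outside works again
    return out
```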

You cannot log on to the mobile app using the <ntuser>. You also cannot use this logon option if you use the CAS Authentication Server.

When does CAS genesisWorld require a password?

You need to activate the LDAP service in the Server Manager and set up the LDAP access in the program that supports LDAP on the user's computer.

Benefits when using Windows credentials

Options on the tab

The options have different results for users depending on the client used.

No Windows authentication

Users can log on using

User name and password of CAS genesisWorld

Available in the

  • Desktop client
  • CAS genesisWorld Web
  • Mobile app

Users cannot log on using

User name and password of Windows

<ntuser>

Support integrated Windows authentication

The user accounts and groups from the Active Directory are displayed. You change the automatic assignment with the Change assignment button. This assignment is necessary if you use the Windows logon data or the Windows authentication.

Users can log on using

User name and password of CAS genesisWorld

Available in the

  • Desktop client
  • CAS genesisWorld Web
  • Mobile app

Available Windows logon

Available in the

  • Desktop client
  • CAS genesisWorld Web

<ntuser>

For this purpose, the mapping of the CAS genesisWorld users with the Windows users is used.

Available in the

  • Desktop client
  • CAS genesisWorld Web

Users can only log on using the <ntuser> if they do not log on via the CAS Authentication Server.

Users cannot log on using

User name and password of Windows

Support integrated Windows authentication and Allow only Windows authentication

If you activate the Allow only Windows authentication option, the mapping is used, which transfers the logon data of the Windows user to CAS genesisWorld.

We recommend that the Allow only Windows authentication option is only used in particular cases.

The option is automatically deactivated for all users if you activate the Enter the password again before exporting option in the Security settings folder.

Users can log on using

<ntuser>

Available in the

  • Desktop client
  • CAS genesisWorld Web

Users can only log on using the <ntuser> if they do not log on via the CAS Authentication Server.

Users can only log on if the user has logged on to Windows on the current computer and the computer is connected to the network.

Users cannot log on using

User name and password of Windows

Use Windows logon data

The Use Windows logon data option is recommended for many cases.

Users can log on using

User name and password of Windows

Available in the

  • Desktop client
  • CAS genesisWorld Web
  • Mobile app

<ntuser>

Available in the

  • Desktop client
  • CAS genesisWorld Web

Users can only log on using the <ntuser> if they do not log on via the CAS Authentication Server.

Users can only log on if the user has logged on to Windows on the current computer and the computer is connected to the network.

Users cannot log on using

User name and password of CAS genesisWorld

<ntuser> on the mobile app