9.2 Authentication for clients
The user of a client has to authenticate himself when logging on to SwyxServer. Basically, the following authentication types are available:
You can define for each user which of the three authentication types they may use, see To edit the authentication settings for a User
When logging in, the user is offered two authentication types; even if one or even all of them are not allowed for the user:
- Windows account or composite authentication
- Name/Password Authentication
Ensure that the user can authenticate via at least one of these options.
- Windows account or composite authentication
- Name/Password Authentication
Ensure that the user can authenticate via at least one of these options.
Authentication with user name and password
If necessary, enter a user name and password with which a user can log in to SwyxWare Administration and the clients.
The user name must correspond to the UPN format (User Principal Name): User login name +"@" + UPN suffix. You can use the domain name or an alias as the UPN suffix.
Example: john.jones@company.com
You can set the UPN suffix in the server properties, see 4.7 Defining the log in settings.
The user name is used to create a SIP user ID.
See also SIP user name and SIP user ID; SIP password.
Users configured before V 11.25 do not use UPN. To enable these users to log in via UPN, enter the appropriate UPN for each user.
Force complex user password
As an administrator, you can force or deactivate the use of complex passwords as a general rule for SwyxServer in server configuration ( Force complex user passwords)
This rule can be configured individually for each user.
In the Force complex password and password history setting you can choose between the following three options:
Use server default settings (<current setting>): ("Yes" or "No")The general settings on the SwyxServer apply for the user. This option is set by default.
Force complex password: "Yes"Regardless of the SwyxServer configuration, the user must set up a complex password.
The corresponding dialog window with brief instructions is shown to the user when changing the password.
Force complex password: "No"Regardless of the SwyxServer configuration, the user must set up a simple password.
Reset user passwords (password reset service)
The Swyx Control Center offers the possibility to reset a user password:
By the administratorAn administrator can reset the password of individual users under User | <Username> | Authentication, see 9.5 Editing the authentication settings.
The user's password will be deleted and the user will not be able to log in to SwyxServer. The user's existing login session will be automatically terminated within one hour. The user receives an email with the URL to the special Swyx Control Center dialog (SCC URL) where he has to reset his password, see 2.1 Reset password
The link to reset the password is only valid for 24 hours or until the user has changed their password.
If the user has not yet changed their password after the expiry date, reset the user's password to send a new email with the link or send the generated SCC URL with the user token directly to the user.
If the user has not yet changed their password after the expiry date, reset the user's password to send a new email with the link or send the generated SCC URL with the user token directly to the user.
Initiated by userThe user can click the Forgot password button in the login window of SwyxIt! Classic to create a new password.
The user is redirected via the SCC URL to the special Swyx Control Center dialog where he has to reset his password, see 2.1 Reset password
The following settings for SwyxServer and the SwyxWare user are required to reset user passwords:
1 E-mail server, see 4.8 Defining an email server
2. Email address of the user, see 9.3 Creating Users
3. SCC URL, see 4.7 Defining the log in settings
If two-factor authentication is activated for a user, their password can only be changed by the administrator.
Authentication with Windows user account
Each SwyxWare user can be assigned one or more Windows (domain) user accounts. The SwyxWare user must be logged in using one of these Windows user accounts to be able to use to place calls.
When a user logs in using a Windows user account, the user and SwyxServer need to be within the same domain.
For the telephony clients within SwyxWare for DataCenter andSwyxON, who are typically not in a domain with the SwyxServer, this authentication is then not possible.
For the telephony clients within SwyxWare for DataCenter andSwyxON, who are typically not in a domain with the SwyxServer, this authentication is then not possible.
Federated authentication via identity provider
If your organization uses identity provider services, you can use federated authentication instead of Windows authentication (federated authentication with OAuth 2.0 and OpenID Connect) .
If you enable an identity provider configuration, SwyxServer will offer federated authentication for selection instead of authentication via the Windows user account.
Disable all identity provider configurations to reuse Windows authentication.
Disable all identity provider configurations to reuse Windows authentication.