11.2.1.2 The "Authentication" Tab
A client's user must authenticate when logging on to SwyxServer. The following authentication types are available:
You can specify for each user which of the three authentication types they are allowed to use.
* 
When logging in, the user is offered two authentication types, even if one or all of them are not permitted for the user:
- Windows account- or Composite authentication
- Name/password authentication
Make sure that the user can authenticate using at least one of these options.
 
Authentication with Windows user account
Each SwyxWare user can be assigned one or more Windows (domain)user accounts. The SwyxWare user must be logged in using one of these Windows user accounts to be able to use SwyxIt! Classic to place calls. You can add a Windows user by clicking on "Add…" and then making a selection from the list displayed. You can remove a Windows user account from the list by highlighting it and then clicking on "Remove".
* 
When a user logs in using a Windows user account, the user and SwyxServer need to be within the same domain.
 
* 
For the telephony clients within SwyxWare for DataCenter andSwyxON, who are typically not in a domain with the SwyxServer, this authentication is then not possible.
 
Federated authentication via identity provider
If your organization uses identity provider services, you can use federated authentication instead of Windows authentication (federated authentication with OAuth 2.0 and OpenID Connect) .
* 
If you activate an identity provider configuration, federated authentication is offered for selection on SwyxServer instead of authentication via the Windows user account.
Deactivate all identity provider configurations to use Windows authentication again.
 
Authentication with user name and password
If necessary, enter a user name and password with which a user can log in to SwyxWare Administration and the clients.
The user name must correspond to the UPN format (User Principal Name): User login name +"@" + UPN suffix. You can use the domain name or an alias as the UPN suffix.
Example: john.jones@company.com
You can set the UPN suffix in the server properties, see 7.5.18 The "Security" tab.
* 
Users configured before V 11.25 do not use UPN.
To enable these users to log in via UPN, enter the appropriate UPN for each user.
 
The user name is used to create a SIP user ID.
Force complex password:
As an administrator, you can force or deactivate the use of complex passwords as a general rule for SwyxServer in server configuration ( Password settings)
This rule can be configured individually for each user.
You can select among the following three options in the "force complex password" option field:
*Use server default settings (<current setting>): ("Yes" or "No")
The general settings on the SwyxServer apply for the user. This option is set by default.
*Force complex password: "Yes"
Regardless of the SwyxServer configuration, the user must set up a complex password.
The corresponding dialog window with brief instructions is shown to the user when changing the password.
*Force complex password: "No"
Regardless of the SwyxServer configuration, the user must set up a simple password.
Reset password:
The password reset service in Swyx Control Center allows you to reset your own password or the password of a user:
*By the administrator
An administrator can reset a user's password by clicking on the "Reset password" button.
The user's password is deleted and the user can no longer log in to SwyxServer. The user's existing login session is automatically terminated within one hour. The user receives an e-mail with the URL to the special Swyx Control Center dialog (SCC-URL) where he has to reset his password, help.enreach.com/controlcenter/latest.version/web/Swyx/en-US/#context/help/PasswordReset_$
* 
The SCC URL for resetting the password is only valid for 24 hours or until the user has changed their password.
If the user has not yet changed their password after the validity period has expired, reset the user's password to send a new email with the URL or send the generated SCC URL with the user token directly to the user, see help.enreach.com/controlcenter/latest.version/web/Swyx/en-US/#context/help/Users-Edit-Authentication
 
*Initiated by the user
The user can click on the "Forgot password" button in the login window of SwyxIt! Classic to create a new password.
The user is redirected via the SCC URL to the special Swyx Control Center dialog where he has to reset his password, see help.enreach.com/controlcenter/latest.version/web/Swyx/en-US/#context/help/PasswordReset_$
The prerequisites for resetting user passwords are the following settings for SwyxServer and the SwyxWare user:
1 E-mail server, see 7.5.9 The "Mail Server" Tab
2. E-mail address of the user, see 11.2.1.1 The "Administration" Tab