Login Services¶
Login Services controls which authentication methods users can use to sign in to Emakin. This includes built-in login services, Active Directory / LDAP, and OpenAuth-based providers.
When to Use This Page¶
Use this page when you need to:
- enable or disable available login methods
- configure the user-facing login options shown on the sign-in page
- require 2FA for selected login methods
- connect Active Directory / LDAP
- link OpenAuth-based services defined under Integrated Services
The documented built-in login options are Emakin and Active Directory. Additional OpenAuth-based services can be added through integrated service configuration.
Currently documented OpenAuth services:
- Office 365
- Keycloak
- E-Devlet
Standard Login Service Settings¶
Each login service can define:
Name¶
The user-facing label shown on the login page.
Is Enabled?¶
Controls whether the login method is available to users.
Requires 2FA¶
Forces two-factor authentication after successful login for that service. The documentation states that Emakin manages the 2FA provisioning workflow automatically.
OpenAuth-Specific Settings¶
For integrated OpenAuth services, additional settings can be shown:
UserId¶
Defines which returned user property should be treated as the unique user identifier inside Emakin. This is useful when the provider returns an internal ID but a different attribute should be used for user matching.
Scopes¶
Defines the OpenAuth scopes requested from the identity provider. This setting is only shown for integrated services and does not apply to built-in services.
Active Directory / LDAP¶
Emakin also supports authentication against Active Directory or LDAP.
Once an Active Directory login service is added, a dedicated AD configuration area becomes available. Multiple AD servers can be defined and selected dynamically by applying rules to the entered username or logon ID.
AD / LDAP Server Settings¶
Is Enabled?¶
Enables or disables the selected AD server configuration.
Host¶
DNS name of the AD or LDAP server, for example ldaps.mycorp.com.
Port¶
LDAP port. If set to 0, the documented defaults are 636 for SSL and 389 for non-SSL.
SSL¶
Controls whether SSL is used for the LDAP connection. The documentation notes that certificate validation is not performed, which allows self-signed certificates.
Root DN¶
Defines the root distinguished name used for LDAP searches. Authentication fails if the user cannot be found under this root, even when credentials are correct.
Default Domain¶
Defines the default AD domain used when the entered username does not already specify a domain such as MYDOMAIN\user or [email protected].
User Name Field¶
Defines the LDAP attribute used as the login name. The documented default is sAMAccountName, though some LDAP servers may use uid.
Search Field¶
Defines the LDAP search expression used to locate the user. The documented default is:
1 | |
In that expression, {0} resolves to the configured user-name field and {1} resolves to the entered username.
Rules¶
Rules are regular expressions evaluated against the entered username. If a rule matches, the corresponding AD service configuration is used. This allows one Emakin environment to route different username patterns to different directory servers.