Authentication Settings#
The Default Role settings option allows us to define which role is assigned to new users (see user roles for details about permissions).
Warning
It is recommended to set this to the lowest role possible, i.e. Researchers. Otherwise, new users will be able to change the content for all other users in the DSW instance.
Internal#
For internal authentication, we can set whether the Registration is enabled or not. If enabled, any user who can visit the DSW instance may sign up (and obtain the default role).
Note
In case we are using OpenID or creating user accounts manually, registrations should be disabled.
Another option is whether the Two-Factor Authentication (2FA) is enabled. If enabled, once users try to log in using credentials, they receive an email message with one-time code to confirm the login. Moreover, we can configure Code Length (how many character the code has) and Expiration period in seconds.
External#
Using these settings we can add OpenID Services to allow logging into the DSW instance via external identity provider. First, press Add and fill ID of the service (use only lowercase alphanumeric characters or dash symbols). Then, we should prepare the client application on the side of OpenID service:
Use Callback URL (and optionally Logout URL) to create the client
Obtain Client ID and Client Secret
Obtain OpenID endpoint URL (we may get one ending with
/.well-known/openid-configuration
, if so we just use the part before this suffix)Configure the client to have the following claims:
openid
,profile
,email
Configure the client to provide the following details in ID tokens:
email
,given_name
,family_name
Back in the DSW settings, we can fill Client ID, Client Secret, and URL from our OpenID client together with optional Parameters (usually not needed). Finally, we can configure how the log-in button will look like by setting Icon (by using Font Awesome), Name, Background, and text/icon Color.
Note
After setting a new OpenID service, we should directly test it and verify that the configuration works well. For that, we can simply open our DSW instance in a new anonymous window of the web browser.