Configure authentication settings in EzeScan WebApps.

Provider

Provider:
Authentication provider to use for login requests.
Active Directory or Local Users

Local Users

Enforce password complexity
Ticking this option will enforce the following rules:

  • Password must not contain the user's username or email address.
  • Password must be six or more characters long.
  • Password must contain characters from three of the following four categories:
    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Digits 0-9
    • Special characters (!, $, #, %, etc.)

Active Directory

ServerAddress:
IP Address or FQDN of a domain controller.
(Usually just use the domain name as that resolves to one of the many available domain controllers within the domain, so if one goes offline we can try the next one).

Use SSL:
Force the use of SSL only communication.

Required if you want to force the use of LDAPS.

When using this option ensure you use the fully qualified domain name of the AD server in the ServerAddress field and specify port 636. (Out of the box AD domain controllers will only respond with LDAPS when using the machines host name, using an IP address will not work.)

eg dc01.ad.domain.com:636

By default the communication between EWA and active directly is already secure without enabling this option.

BindingUsername:
The username of an active directory user that we can use to perform lookups of active directory users and groups.
(For testing purposes you can use any active directory user, even your own account!, for production use we recommend creating a service account in AD that we can use.)

BindingPassword:
The password of an active directory user that we can use to perform lookups of active directory users and groups.
(For testing purposes you can use any active directory user, even your own account!, for production use we recommend creating a service account in AD that we can use.)

BaseOU:
This sets the root level of where our active directory queries should operate out of.
If left blank then all users and inside Active Directory will be able to log into EzeScan WebApps and all groups will be available when setting up permissions.
If set to a specific folder such as “OU=Users,OU=EzeScan,DC=domain,DC=ezescan,DC=com,DC=au” then only the AD users and groups within that folder will be able to login/be displayed when setting up permissions.


Service Key

ServiceKey:
Sets the service key that is then granted permissions to use the API.
For example setting  the value “my-api-key” and also entering this same value into EzeScan Capture for Ricoh will allow the application to communicate with the EzeScan Web Apps instance.