google authenticator

[jzimmer 1]

We are setting up google authenticator to be used, it is working fine but we have a customer requesting to not use it. I have them in their own group and have a security policy created and item 7 in the policy lets you change authentication options. But all options are grayed out other then system wide settings. Same is true if i try to change it per user under preferences?

 

Is there a way to enable the other options, mainly we want to use manual AD instead of manual AD and Google authentication on a sub set of users.

 

 

Thanks for any help.

[support 214]

Hi jzimmer,

 

I did test this and can replicate the same issue. On the User Account Policy screen, if you click on the 'Check for Conflicts' button, it should report that this setting has been applied more than once for the user. Unfortunately when a setting in two different policies is in effect for a user, there's no way of us knowing which one we should apply.

 

So to fix this, you will need to use different security groups if possible, so the user's account does not see any conflicts for multiple policies - does this make sense?

 

Regards

Click Studios

[jzimmer 1]

This does make sense, however as of now we have not policies, I was making the first one. We are also having the same issue if a user were to go to preferences and try to change their authentication option there, everything but the system wide option is grayed out.

 

 

  Attached is a screen capture of the preferences page.

[jzimmer 1]

To best describe my issue, it seems that passwordstate is forcing users to use the System Wide Authentication method, and not allowing anyone to change it. 

 

Is there a setting somewhere that I am missing that enforces the System Wide Authentication method?

[support 214]

Hi jzimmer,

 

Can you tell me in IIS for the Passwordstate web site, have you enabled anonymous authentication for the site? If so, this would explain why those settings are disabled - there's no point allowing users to try and set this for themselves, because when you first visit the site with anonymous authentication is enabled, the user's account is not known - until they authenticate.

 

If you have enabled anonymous authentication, is it because you were having issues with the browser prompting you for authentication? If so, the following article should help - http://www.clickstudios.com.au/community/index.php/topic/1305-passwordstate-prompts-for-authentication/ - normally suggestion 1 helps.

 

Regards

Click Studios

[jzimmer 1]

Ok, that makes since. We have to leave anonymous authentication on because we have users from many different domains logging on. They have a user account on our domain, but the PC they are using may be on a different domain. 

[support 214]

Okay - that makes sense. Thanks.

[jzimmer 1]

So, we got this set up and it is working, however:

 

before we set this up, we had people log in with the username that we had set an AD, now after we set this up users have to log in with domain\username. If they try to enter their email and password, it will keep generating a new key and never let them sign in. Any thought on how i can allow users to use email again?

[support 214]

Hi jzimmer,

 

Unless you have being used Forms Based authentication, and specified the user's UserID field as their email address, you've never been able to authenticate this way when using AD authentication - you must specify it in the format of domain\username.

 

If you go to the screen Administration -> User Accounts, what format is the UserID column? This is what they will need to log in with. Let me know if I've misunderstood the issue at all.

 

Regards

Click Studios