Below is a list of settings within the PC-Duo Identity Manager (PIM).
1. Identity Manager URL: This is the canonical URL by which the Identity Manager component is accessed. Note that there must be one URL accessible by both internal and external network users.
2. Web Console URL (Internal Network): This is the canonical URL by which the Web Console (root application) component is accessed. This URL is used for users on the internal network.
Example: https://servername/
Installation Default Value: https://servername/
3. Web Console URL (External Network): This is the canonical URL by which the Web Console (root application) component is accessed. This URL is used for users on the external network.
Example: https://servername/
Installation Default Value: https://servername/
4. Allow local Active Directory login: This value is True to allow authentication using Windows Authentication and local machine or Active Directory accounts. This value must be True to allow programmatic (SDK) access to the system. If False, the Azure Active Directory configuration must be set up, and those accounts are used exclusively.
Description: Set to TRUE to allow local Active Directory login
Installation Default Value: True
5. Use LDAPS for directory services: This setting only applies if "Allow local AD login" is True. When this is True, PC-Duo makes LDAP queries to Active Directory via the LDAPS protocol, which must be enabled in the domain.
Set to TRUE to require use of LDAPS (LDAP over SSL) instead of unencrypted LDAP when accessing Active Directory
Installation Default Value: False
6. Allow installed Master to Single Sign On: This setting only applies if "Allow local AD login" is True. When this is True, PC-Duo Master and other fat-client applications can perform single sign-on using Windows Authentication, and these clients do not provide a choice to use Azure AD authentication. To allow Azure AD authentication from PC-Duo Master and other fat clients, set this value to False.
Set to TRUE to allow installed Master to SSO with Windows login credentials; otherwise, requires browser-based login
Installation Default Value: True
7. Prefer UPN name format: This setting only applies if "Allow local AD login" is True. When this is True, accounts from Active Directory domains are displayed in UPN format. Machine local accounts are always displayed in SAM format.
Set to TRUE to prefer User Principal Name (user@domain) over SAM (DOMAIN\user) account format
Installation Default Value: True
8. Allow Azure AD login: This value is True to enable authentication with Azure Active Directory. The four Azure AD settings that follow must be filled in correctly for Azure AD integration to work.
Set to TRUE to allow Azure AD login; Azure settings must be filled in
Installation Default Value: False
9. Azure Domain: The Azure Active Directory domain name. For test domains, this is typically something.onmicrosoft.com; or this is a more recognizable name if you have registered and configured a custom domain in your directory.
This is the domain name of the directory containing the user accounts
Installation Default Value: Blank
10. Azure Application Client ID (aka Client ID): The Azure Application ID (also formerly called the Application Key).
This is the Application ID found in the Azure management portal, under Application Registrations
Installation Default Value: Blank
11. Azure Client Secret (aka Application Key): The Azure Client Secret for the application registration.
This is the application password found in the Azure management portal under Application Registration > Certificates and Secrets > Client Secrets
Installation Default Value: Blank
12. Require Azure AD for web-based application logins: This setting only applies if "Allow local AD login" is True, and "Allow Azure AD login" is True. When this value is False (the default), users logging into the Web Console (e.g. via the FIND button) are given a choice of entering Windows Account credentials (e.g. local domain account), or clicking the Azure AD button in the "Login using Cloud Identity Provider" section. When this value is True, this screen is not presented, and users are automatically directed to log in with an Azure AD account. [Introduced in v13.3 HF#2]
Set to TRUE to cause Find a Desktop login path to immediately redirect to Azure AD and disallow local account login; otherwise user has choice of local account or Azure AD login if both are enabled.
Installation Default Value: False
13. Allow access to LOGIN button from external addresses
The Web Console "landing page" provides access to both the Host on Demand functionality ("SHARE" button), and the Web Console ("FIND" button). When this value is FALSE, access to the Web Console and Identity Manager login is restricted for users at external network addresses.
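Several of the settings above depend on one another, and the combinations can be checked mechanically. The following is an added example, not PC-Duo code: it audits a hand-transcribed snapshot of settings 4 through 12, and the dictionary key names are hypothetical labels, not product identifiers.

```python
# Added example. Key names are hypothetical labels for the settings on this page;
# they are not PC-Duo identifiers. Values are the installation defaults listed above.
DEFAULTS = {
    "allow_local_ad_login": True,
    "use_ldaps": False,
    "master_sso": True,
    "allow_azure_ad_login": False,
    "azure_domain": "",
    "azure_client_id": "",
    "azure_client_secret": "",
    "require_azure_for_web": False,
}
AZURE_FIELDS = ("azure_domain", "azure_client_id", "azure_client_secret")


def audit(settings):
    """Return (severity, finding) tuples for a snapshot; missing keys use DEFAULTS."""
    s = {**DEFAULTS, **settings}
    local_ad, azure = s["allow_local_ad_login"], s["allow_azure_ad_login"]
    out = []
    if local_ad and not s["use_ldaps"]:
        out.append(("warn", "directory queries use unencrypted LDAP"))
    if not local_ad:
        # With local AD login off, Azure AD accounts are used exclusively.
        out.append(("info", "programmatic (SDK) access is unavailable"))
        if not azure:
            out.append(("error", "no login method is enabled"))
    if azure:
        blank = [k for k in AZURE_FIELDS if not str(s[k]).strip()]
        if blank:
            out.append(("error", "Azure AD enabled but blank: " + ", ".join(blank)))
        if local_ad and s["master_sso"]:
            out.append(("info", "Master and fat clients offer Windows login only"))
    if s["require_azure_for_web"] and not (local_ad and azure):
        out.append(("info", "'Require Azure AD' has no effect in this combination"))
    return out


if __name__ == "__main__":
    # Constructed snapshot: Azure AD switched on with only the domain filled in.
    sample = {"allow_azure_ad_login": True, "azure_domain": "example.onmicrosoft.com"}
    for severity, finding in audit(sample):
        print(f"{severity:5} {finding}")
```

Run against the installation defaults, the only finding is that directory queries go over unencrypted LDAP.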