Configure the authentication settings
Use Authentication settings to configure the authentication methods used to access Web Help Desk.
If you plan to install FIPS 140-2 compliant cryptography in your deployment, use the Password Security Migration Tool to encrypt all client and tech account passwords to FIPS 140-2 cryptography prior to activation. The migration tool invalidates all stored client and tech passwords that use a weaker cryptography standard.
All techs who did not log in to Web Help Desk before their planned migration date will not be able to log in. To enable techs to recover their password, select Web Help Desk as the Authentication Method and select the Show Forgot Password Button checkbox.
See the following sections:
Configure the authentication method and settings
- Log in to Web Help Desk as an administrator.
- Click Setup > General > Authentication.
- In the Authentication Method drop-down menu, specify how Web Help Desk identifies users when they log in.
  The following table describes each menu option.
| Authentication method | Description |
| --- | --- |
| Web Help Desk | Authenticates the user with the user name and password. User names and passwords are pulled from the Web Help Desk database or imported from Active Directory or LDAP connections. |
| HTTP Header | Uses web servers (such as Apache HTTP Server) to forward externally-authenticated user information using HTTP headers. |
| HTTP Form Value | Forwards the authenticated user name through an HTTP name/value pair instead of an HTTP header. |
| SAML 2.0 (Security Assertion Markup Language) | An XML protocol that provides authentication from an identity provider (IdP) to a service provider (SP). See Deploy SSO with SAML Using AD FS for details about configuring SAML with AD FS for Web Help Desk. Configure AD FS separately for Web Help Desk integration. See the AD FS 2.0 step-by-step and how-to guides at the Microsoft Docs website for more information. |
| CAS 2.0 (Central Authentication Service) | Uses a single sign on (SSO) service URL to authenticate the user provided by Web Help Desk. The CAS server sends the user back to Web Help Desk and attaches a digital ticket to the Web Help Desk URL. Web Help Desk submits the ticket to the CAS validate URL to obtain the authenticated user name. See Deploy SSO with CAS 2.0 for details on how to set up CAS 2.0 on your Web Help Desk Tomcat server. |
- Select your authentication method options. Based on your selected method, some options may not apply.
  - Select Show Password Settings to display the Password and Confirm Password fields. Otherwise, leave this checkbox unchecked.
  - Select Show Login Message to display the Login Message text in the Log In window.
  - If you selected Show Login Message, enter a message in the Login Message box to be displayed in the user Log In window.
    See Customize tickets, notes, instructions, and emails with BBCode for details about customizing your login message field text.
  - Select Remember Login ID to display the Remember Login ID option in the Log In window.
  - If available, select the Show "Remember me" Checkbox option to display the Remember me checkbox in the Log In window.
  - Select the Show Forgot Password Button option to display the Show Forgot Password button in the Log In window.
    If the checkbox is not selected and the Show Forgot Password button is not enabled, users are prompted to contact their Web Help Desk administrator to reset their password.
  - Enter a message in the Forgot Password Message text box that provides instructions when a user forgets their password. Include an administrator email address in case a user needs to contact you when they are locked out of the application.
  - From the Max Authentication Attempts Before Lockout menu, select the number of user attempts before the user is locked out of the application.
- Complete the following fields to specify the password complexity requirements:
  - From the Max Authentication Attempts Before Lockout drop-down menu, select the maximum number of invalid login attempts a user can make before the user is locked out. You can allow up to 10 attempts.
  - In the Minimum Password Length field, specify the minimum number of characters a password must have.
  - From the Password expiration time drop-down menu, specify the length of time before the password must be reset.
  - Select one of the following options to specify the password complexity requirements:
    - Mixed Capitalization: The password must contain at least one uppercase and one lowercase letter.
    - Mixed Capitalization and numbers: The password must contain at least one uppercase letter, one lowercase letter, and one number.
    - Mixed Capitalization, numbers, and special characters: The password must contain at least one uppercase letter, one lowercase letter, one number, and one of the following special characters:
      ! @ # $ % & * - _ < >
- In the Logout URL box, enter the targeted URL that Web Help Desk redirects to when the user logs out.
  If you are using SAML or CAS authentication, this page signs the user out of all system services or provides the option to sign out.
  Leave this field blank to use the Web Help Desk default logout page.
- In the Tech Session Timeout box, enter the number of minutes a tech or administrator session remains active with no application requests.
- In the Client Session Timeout box, enter the number of minutes a client session remains active with no application requests.
- Select the Disable Tech Session Timeouts for Open Windows option to prevent tech sessions from timing out when the tech has a web browser window opened with the Web Help Desk tech interface.
- Select the Require Authentication on External Hyperlinks option to indicate whether external links to Web Help Desk (such as those included in emails that link to attachments and FAQs) require the user to authenticate. The user must have a valid password.
  If the option is not selected, an unauthorized user could access sensitive information by simply obtaining the URL.
  If automatic login is enabled and the user is authenticated, cookies provide the authentication credentials. As a result, the user is not required to log in.
- Complete the Application API Keys section to allow third-party applications to perform actions through the REST API on behalf of users, without providing their passwords.
  Click Next to display the following form.
  When authenticating to the REST API, use an application API key in place of the user's password.
  In the App Description field, enter a description of the third-party application using the API Key, and then click Regenerate Key. An API key is displayed, which you can use to authenticate to the Web Help Desk API.
  You can use application API Keys in place of passwords to authenticate users to the API so applications can perform actions on behalf of users without having access to their passwords.
  Use caution when using API keys, as they provide unlimited access to Web Help Desk through the REST API. When possible, use the individual Tech API keys instead.
  API Keys should only be sent using secure (SSL) requests and should not be exposed to the user. SolarWinds recommends using the application API key to obtain a session key, and then using the session key to authenticate the subsequent requests.
- Click Save.
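The session-key recommendation in the Application API Keys step can be followed with a client like the one below, an added example that is not SolarWinds code. It assumes the REST base path shown, a `Session` resource that accepts `username` and `apiKey` query parameters and returns JSON containing `sessionKey`, and a constructed host name; confirm all of these against the API guide for your deployment.

```python
import json
import urllib.parse
import urllib.request

# Assumed REST base path on a constructed host; not taken from this page.
WHD_BASE = "https://whd.example.com/helpdesk/WebObjects/Helpdesk.woa/ra"


def require_https(url):
    """Refuse to send key material over anything but TLS."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("API keys and session keys must only be sent over HTTPS")
    return url


def redact(url):
    """Mask key material before a request URL is written to a log."""
    parts = urllib.parse.urlsplit(url)
    query = [(k, "***" if k in ("apiKey", "sessionKey") else v)
             for k, v in urllib.parse.parse_qsl(parts.query)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query, safe="*")))


class WhdSession:
    def __init__(self, base, username, api_key, fetch=None):
        self.base = require_https(base)
        self._fetch = fetch or self._http_get
        # Exactly one request carries the long-lived application API key ...
        url = self._url("Session", username=username, apiKey=api_key)
        self._session_key = json.loads(self._fetch(url))["sessionKey"]

    def _url(self, resource, **params):
        return f"{self.base}/{resource}?{urllib.parse.urlencode(params)}"

    @staticmethod
    def _http_get(url):
        with urllib.request.urlopen(url, timeout=10) as resp:  # TLS certs verified by default
            return resp.read().decode("utf-8")

    def get(self, resource, **params):
        # ... every later request carries only the session key.
        return json.loads(self._fetch(self._url(resource, sessionKey=self._session_key, **params)))
```

Because the keys travel in the query string under these assumptions, pass request URLs through `redact` before logging them on the client, and check that proxy and web server access logs are treated as sensitive.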
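The CAS 2.0 row of the authentication method table describes a ticket exchange: the service submits the ticket to the CAS validate URL and reads the user name from the reply. The added example below, which is not Web Help Desk code, shows the service side of that exchange as the CAS 2.0 protocol defines it (`serviceValidate` endpoint, `ST-` ticket prefix, `http://www.yale.edu/tp/cas` namespace); the host names and sample responses are constructed.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace defined by the CAS 2.0 protocol


class CasValidationError(Exception):
    """Raised whenever the ticket cannot be trusted."""


def validate_url(cas_base, service, ticket):
    """URL the service submits the ticket to. `service` must be the exact URL
    the user was sent to CAS with, or the CAS server rejects the ticket."""
    if urllib.parse.urlsplit(cas_base).scheme != "https":
        raise CasValidationError("CAS validation must use HTTPS")
    if not ticket.startswith("ST-"):
        raise CasValidationError("not a service ticket")
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return f"{cas_base.rstrip('/')}/serviceValidate?{query}"


def authenticated_user(response_xml):
    """Return the user name only for an unambiguous authenticationSuccess."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        raise CasValidationError("malformed response") from exc
    results = list(root)
    if root.tag != CAS_NS + "serviceResponse" or len(results) != 1:
        raise CasValidationError("unexpected response structure")
    result = results[0]
    if result.tag == CAS_NS + "authenticationFailure":
        raise CasValidationError(f"ticket rejected: {result.get('code')}")
    if result.tag != CAS_NS + "authenticationSuccess":
        raise CasValidationError("unexpected result element")
    user = (result.findtext(CAS_NS + "user") or "").strip()
    if not user:
        raise CasValidationError("success response without a user")
    return user


# Constructed sample responses in the CAS 2.0 format.
SUCCESS = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           "<cas:authenticationSuccess><cas:user>jsmith</cas:user>"
           "</cas:authenticationSuccess></cas:serviceResponse>")
FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized'
           "</cas:authenticationFailure></cas:serviceResponse>")
```

The parser fails closed: anything other than a single, correctly namespaced `authenticationSuccess` element with a non-empty user is treated as a failed login.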
Encrypt passwords using the Password Security Migration Tool
If you install FIPS 140-2 cryptography in an existing deployment, you can use the Password Security Migration Tool to ensure that all client and tech account passwords are migrated to FIPS 140-2 cryptography.
See the tooltip for more information.