8 Replies Latest reply on Dec 7, 2017 3:34 PM by rodegard

    Different Usernames for Tech/Client Accounts?

    bigolbig

      When we upgraded to 12.5.1, the option for LDAP sync with tech accounts was removed due to a security issue. I was told that the tech account username needed to be changed so it doesn't match the client username. Is this necessary? I have tested with my tech account and changed the tech username to match my client username and haven't noticed any issues. We would like to be able to use the same username for both tech and client accounts for convenience, as we have many techs and adding another unique username to their many credentials seems unnecessary.

       

      Thanks

        • Re: Different Usernames for Tech/Client Accounts?
          typhoon87

          In 12.5.2 it is necessary. I just did the upgrade from 12.5.0 to 12.5.2 and just added an extra T to the end of all the techs usernames then they have to create passwords to secure the tech accounts. They can still log in with their normal network ID that does not change.

          • Re: Different Usernames for Tech/Client Accounts?
            rodegard

            We did the same as typhoon87.  Added a T after the tech user name.  The techs use their regular ID and password to authenticate against LDAP.  This is working Ok for techs and clients.  The only issue we have seen so far is with the iOS app.  On the app setup page we have to use the ID with the T and the password entered on the tech page.  The app will not authenticate against LDAP.  Milan (the WHD product manager) is aware and asked that I submit a ticket for support to investigate further.  As of now, having to use a different ID / password for the WHD app is not an issue for the small number of techs that use it in our shop.

              • Re: Different Usernames for Tech/Client Accounts?
                bvondeylen

                I am kinda confused as well (and really don't understand how this fixes a security issue).

                 

                Are you saying your techs log in with an email address instead of a username?

                 

                Up to this time, we log in with usernames (bvondeylen) as a tech. IF I wanted to log in as a client I would log in with my email address (bvondeylen@neenah.k12.wi.us).

                 

                Are you saying I will need to add a T (or something) to my tech username (bvondeylenT) and from this point on, log in with my email address (LDAP authentication)? And that fixes a security issue?

                  • Re: Different Usernames for Tech/Client Accounts?
                    rodegard

                    Here's what I have seen after the upgrade.

                     

                    • LDAP option to authenticate tech IDs is not available.
                    • The tech has to be linked to a client in order to use the LDAP authentication
                    • There is an option under Setup-Client that allows you to switch between client user ID or client email for login.  We have it set to client user ID.
                    • If the user ID for the tech matches the linked client user ID, then LDAP authentication doesn't work.  We have to use the password that was entered for that tech to login.
                    • When we added the letter T to the end of the tech user ID, then LDAP authentication works.  So from what I see, the app looks at the tech table first, then the client table to determine valid login / password check.  All of our techs can use their normal user ID to login - WHD presents the tech view upon login.
                    • To use the iOS app, the tech has to enter their tech user ID (the one we put the T at the end of) and the password entered on the tech page.  This allows the tech to sign on the iOS app.

                     

                    Hope this helps !

                    1 of 1 people found this helpful