Enabling LoginShare for user accounts

LoginShare is the mechanism for authenticating your support desk users using an external database or authentication mechanism.

With LoginShare, you can integrate your GFI HelpDesk product with your existing Intranet, LDAP (Active Directory), or any third party applications. Single sign-on enables centralized management of user accounts from one single source.

If you already have backend systems and user databases available, this enables you to let your users log in, without registering another account.

Enabling LoginShare

To configure LoginShare settings in the support desk, click on the Users tab on the navigation menu bar, and then click LoginShare.

You are presented with all the configurable settings specific to the LoginShare configuration.

Enable external authentication for users If set to Yes, all authentication requests for the support center users are first tried against the URLUniform Resource Locator is the address of a web page on the world wide web. specified below in the "User LoginShare URL" field, that is the LoginShare API.
User LoginShare API name Specify a title/name that you wish to keep for this LoginShare for identification.
User LoginShare API URL Specify the LoginShare API URL here. This is a URL to the location of an authentication script.

It is important that your LoginShare script is properly tested or you could lock yourself out of the system.

Once enabled, the system dispatches any login requests made by your clients to the authentication URL.

LoginShare protocol

The LoginShare script needs to be designed to receive the following data via POST.

The LoginShare script needs to reply with an XML format that corresponds to one of the following formats:

Add interface related checks to your script, or you could end up allowing access to the Admin CP.

Authentication Failed

d<?xml version="1.0"encoding="UTF-8"?>

<loginshare>

<result>0</result>

<message>Invalid Username orPassword</message>

</loginshare>

Authentication Successful

<?xml version="1.0"encoding="UTF-8"?>

<loginshare>

<result>1</result>

<user>

<usergroup>Registered</usergroup>

<fullname>John Doe</fullname>

<designation>CEO</designation>

<organization>GFI, Inc.</organization> <!-- Optional: If you wish to specify the organization for user, this is only applicable fornewusers -->

<organizationtype>restricted</organizationtype> <!-- Optional: Can be "shared"or"restricted"(default) -->

<emails>

<email>john.doe@gfihelpdesk.com</email>

<email>john.doe@gmail.com</email>

</emails>

<phone>123-456-789</phone>

</user>

</loginshare>

All user accounts created by the LoginShare system have a random password assigned to them. The fields 'phone' and 'designation' are both optional.

How Is a user account Identified/Linked?

Each user account is identified based on the email address of that account. The system expects each email address to be unique; otherwise, it simply ends up updating the staff record every time a new user attempts to log in.

How are authentication failures handled?

The user's login attempt is rejected.