Enabling LoginShare for staff user accounts
LoginShare is the mechanism for authenticating your support desk users using an external database or authentication mechanism.
With LoginShare you can integrate your GFI HelpDesk product with your existing Intranet, LDAP (Active Directory) or any third party applications. Single sign-on enables centralized management of staff and user accounts from one single source.
If you already have backend systems and user databases available, this enables you to let your users log in, without registering another account.
Enabling LoginShare:
- To configure LoginShare settings in the support desk, click on the Staff tab on the navigation menu bar, and then click LoginShare.
- You are presented with all the configurable settings specific to the LoginShare configuration.
- Click Update to upload and save the settings you have made. Once enabled, the system dispatches each login by your staff to the authentication URL. It is important that your LoginShare script is properly tested or you could lock yourself out of the system.
Enable external authentication for staff | If this setting is set to Yes, all authentication requests for the staff is first tried against the URLUniform Resource Locator is the address of a web page on the world wide web. specified below in the "Staff LoginShare URL" field, that is the LoginShare API. |
Staff LoginShare API name | Specify a name that you wish to keep for this LoginShare |
Staff LoginShare API URL | Specify the LoginShare API URL here. This is a URL to the location of an authentication script. |
LoginShare protocol:
The LoginShare script needs to be designed to receive the following data via POST
- username: The username entered by the staff
- password: The password specified by the staff
- ipaddress: The IP addressAn identifier assigned to devices connected to a TCP/IP network. of staff attempting to login
- interface: The interface from which staff is attempting to log-in. For example: staff, admin, winapp, mobile
The LoginShare script needs to reply back with an XML format that corresponds to one of the following formats:
It is important to add interface related checks to your script or you could end up allowing access to the Admin CP.
Authentication failed
<loginshare>
<result>0</result>
<message>Invalid Username or Password</message>
</loginshare>
Authentication successful
All staff user accounts created by the LoginShare system have a random password assigned to them.
<loginshare>
<result>1</result>
<staff>
<firstname>John</firstname>
<lastname>Doe</lastname>
<designation>CEO</designation>
<email>john.doe@gfihelpdesk.com</email>
<mobilenumber>123-456-789</mobilenumber>
<signature>John Doe(john.doe@gfihelpdesk.com)</signature>
<team>Staff</team>
</staff>
</loginshare>
How are staff identified?
Each staff account is identified based on the username of that account. The system expects each username of staff to be unique, otherwise, it simply ends up updating the staff record every time a new staff user attempts to log in.
How is authentication failure handled?
- Staff control panel
- Administrator control panel
The staff is denied access to the staff control panel.
The system attempts to authenticate the staff against the user account information in GFI HelpDesk's default authentication system(stored in your helpdesk's database). This is to prevent any lockouts in case your LoginShare script fails or becomes unreachable.
All staff accounts created in GFI HelpDesk's default authentication system as a result of LoginShare authentication has secure random passwords assigned to them.
This means that only the staff created prior to the implementation of LoginShare are able to log in using this fallback method.