MicroStrategy ONE

Security Dialog

The Security page allows you to set default security options for the project. For example, adding security settings to your History List will allow you to maintain the contents within the folder. You can keep the folder organized by applying a setting that will delete all of the read messages. To access the Security page, see How to Access Project Defaults and User Preferences

Options denoted with an asterisk (*) are available only to you as the administrator. They do not appear as options in the User Preferences section that is accessible by users.

Fields

* Login modes: Choose how users are authenticated in Web. Select the Enabled checkbox next to the login mode you want to use, then select the Default option for any login mode you want to set as the default login mode in Web. The Login modes include the following:

  • Standard (user name & password): Users are prompted to enter their MicroStrategy user ID and password. This is the default out-of-the-box login mode.
  • LDAP Authentication: (Lightweight Directory Access Protocol): Users are prompted to enter an LDAP login ID and password. If the LDAP user was imported to the MicroStrategy metadata, the user has the privileges assigned to the MicroStrategy user to which it is linked (inheriting the privileges of the imported LDAP groups it belongs to). If the LDAP user was not imported, the user has the privileges of the LDAP Users group and of the imported LDAP groups to which it belongs (but will not be able to create new objects). If the user logs in as the LDAP guest, it will have the privileges of the LDAP Public group (and will not be able to create new objects either).

  • Database Authentication: Users are prompted to enter a Warehouse login ID and password. When the user logs into a project, they have the privileges assigned to the MicroStrategy user to which their Warehouse login ID is linked. If it is not linked, the user has the privileges of the Everyone group. Additionally, the Public group must have connect access to the Intelligence Server (because the connection to the three-tier project source is anonymous).

  • Guest: Users who log in using the guest account have the privileges assigned by the Public group's security role. Additionally, the Public group must have a security role assigned to it and it must have connection access to the Intelligence Server.

  • Windows Authentication: Users are not prompted to enter a login ID and password. The system identifies users by the Windows network login ID with which they are logged in to the Windows network. The user's Windows account must be linked to a MicroStrategy user. This mode is enabled only on Windows-based web servers.

  • Trusted Authentication Request: Users log in using a third-party, single sign-on authentication tool. Single sign-on (SSO) allows enterprise network users to access all authorized network resources seamlessly, on the basis of a single authentication that is performed when they initially access the network. For more information on single sign-on authentication, see Enabling single sign-on authentication in Web.

  • Integrated Authentication: Users are not prompted to enter a login ID and password. A previously configured authentication system identifies users by the Windows network login ID with which they are logged in to the Windows network. The user's Windows account must be linked to a MicroStrategy user. For more information on integrated authentication, see Enabling integrated authentication in Web.

Logout: Determine how a user's requests and History List messages are handled when a user logs out of Web.

  • Cancel this session's pending requests?: Select Yes to specify that a user's pending requests are canceled once they log out of Web, unless the user changes the corresponding User Preferences setting.

    • * Show this option in User Preferences: Determine whether the corresponding user preference is displayed for users or not. If this checkbox is selected, the Cancel this session's pending requests? option is displayed in the Security page of the User Preferences. This checkbox is selected by default.
  • Remove the finished interactive jobs from the History List: Determine if the user's document and report messages are removed from the History List when they log out of Web. You can select Yes, No, or Only the read messages. If you select Only the read messages, finished jobs for which a user has viewed the results are deleted when they log out, but jobs for which they have not viewed the results are not deleted.

    • * Show this option in User Preferences: Choose whether the matching user preference is displayed or not. If selected, the Remove the finished interactive jobs from the History List? option is displayed in User Preferences on the Security page. This checkbox is selected by default.

    By default, both the Cancel this session's pending requests? and Remove the finished interactive jobs from the History List? options are displayed in the Security page within the User Preferences. However, if you select to have neither option displayed, the Security page link in the left pane does not appear to end users, and no User Preferences logout options related to the History List and pending executions are available.

Allow URLs for Export: Only allow users to export content from URLs or URL paths specifically listed in this section. To modify this field, you must have the Web Administration privilege, Configure Server Basic privilege, and read/write access for the server definition.

Use a relative path or the following protocols: https://, http://, or file:///. Use the wildcard character (*) to include all subdomains of a URL. For example, the URL https://www.microstrategy.com/* indicates that the contents from all subdomains of www.microstrategy.com can be exported. This setting is applicable to all projects in your environment. For more information, see Specify URLs and URL Paths to Export.