MicroStrategy ONE

How to Establish Default Login Requirements for Web

You can determine how users log into MicroStrategy Web by defining the defaults for the MicroStrategy Web server. You can define default login requirements for all projects or a specific project.

How to Establish Default Login Requirements for All Projects

  1. Access the MicroStrategy Web Administrator page. (How?)

  2. From the pane on the left, select Default properties. The Default Server Properties page opens.

  3. In the Login area, choose which of the following login modes is enabled or disabled, and which mode is the default. The following login modes are available:

    • Standard (user name & password): Users are prompted to enter their MicroStrategy user ID and password. This is the default login mode.

    • LDAP Authentication: (lightweight directory access protocol): Users are prompted to enter an LDAP login ID and password. If the LDAP user was imported to the MicroStrategy metadata, the user would have the privileges assigned to the MicroStrategy user to which they are linked (inheriting the privileges of the imported LDAP groups it belongs to). If the LDAP user was not imported, the user will have the privileges of the LDAP Users group and of the imported LDAP groups to which it belongs (but will not be able to create new objects). If the user logs in as the LDAP guest, they will have the privileges of the LDAP Public group (and will not be able to create new objects either).

    • Database Authentication: Users are prompted to enter a Warehouse login ID and password. When the user logs into a project, they will have the privileges assigned to the MicroStrategy user to which their Warehouse login ID is linked. If it is not linked, the user will have the privileges of the Everyone group. For this to work, the Public group must have connect access to the Intelligence Server (because the connection to the three-tier project source is anonymous).

      If a user logs into MicroStrategy Web using Database Authentication, the Preferences page is not available.

    • Guest: Users who log in using the guest account have the privileges assigned by the Public group's security role. For this to work the Public group must have a security role assigned to it and it must have connection access to the Intelligence Server.

    • Windows Authentication: Users are not prompted to enter a login ID and password. The system identifies users by the Windows network login ID with which they are logged in to the Windows network. For this to work, the user's Windows account must be linked to a MicroStrategy user. This mode is enabled only on Windows-based Web servers.

    • Integrated Authentication: Users are not prompted to enter a login ID and password. A previously configured authentication system identifies users by the Windows network login ID with which they are logged in to the Windows network. For this to work, the user's Windows account must be linked to a MicroStrategy user. For more information on integrated authentication, see How to Enable Integrated Authentication.

    • Trusted Authentication Request: Users log in using a third-party, single sign-on authentication tool. Single sign-on (SSO) allows enterprise network users to access all authorized network resources seamlessly, on the basis of a single authentication that is performed when they initially access the network. For more information on single sign-on authentication, see How to Enable Single Sign-On Authentication.

    • MicroStrategy Identity: Users log in using MicroStrategy Identity. MicroStrategy Identity is a multi-faceted enterprise solution that offers the best combination of security and convenience for accessing digital and physical assets. The first component of MicroStrategy Identity is MicroStrategy Badge; this product creates a mobile identity on your smartphone that replaces access control tools like keycards, passwords, and security tokens with a unified digital credential that does not sacrifice security. The second component is MicroStrategy Communicator, which provides identity discovery, location awareness, and two-way communication. These features can be leveraged to coordinate activities across a distributed group of users enabled with MicroStrategy Badge.

    • OIDC Authentication: Users are redirected to an OpenID Connect compliant IDP provider to facilitate single sign-on (SSO). Single sign-on (SSO) allows enterprise network users to access all authorized network resources seamlessly, on the basis of a single authentication that is performed when they initially access the network. For more information on single sign-on authentication, see How to Enable Single Sign-On Authentication. It is a standalone authentication and does not work together with other auth modes.

    • SAML Authentication: Users are redirected to a SAML compliant IDP provider to facilitate single sign-on (SSO). Single sign-on (SSO) allows enterprise network users to access all authorized network resources seamlessly, on the basis of a single authentication that is performed when they initially access the network. For more information on single sign-on authentication, see How to Enable Single Sign-On Authentication. It is a standalone authentication and does not work together with other auth modes.

  4. If you select the Override project login mode settings checkbox, the login mode selections you make when completing these steps are applied to all projects for you MicroStrategy Web server. Any login mode changes made for a particular MicroStrategy project are ignored. This checkbox is cleared by default.

    Applying the login mode selections to all projects can be helpful in certain scenarios. For example, this can provide a quick way to update the login mode for all projects when your security and authentication standards change. After making the required changes, any project specific login mode changes could be made for each project, and then this checkbox could be cleared to apply the new project defaults. Another scenario where this option could be beneficial is if you anticipate using the same login mode options for all projects. Selecting this option allows you to prevent any changes at the project level from causing unintended or unallowed changes to the login mode.

  5. Determine which projects are displayed to users by selecting an option from the Project List drop-down list. For details, see How to Specify Which Projects are Displayed to Users.

  6. If you selected Trusted Authentication Request mode above, from the Trusted Authentication Providers drop-down list, specify which application to use for single sign-on functionality. The drop-down list provides a list of the applications with which MicroStrategy Web can integrate to enable single sign-on authentication. The default application is CA SiteMinder. For more information on using single-sign on authentication, see How to Enable Single Sign-On Authentication.

  7. Click Save.

How to Establish Default Login Requirements for a Specific Project

  1. Log in to a MicroStrategy project using an account with Web administrator privileges.

  2. From the upper right of any page, click the username drop-down and select Preferences. The Preferences page opens.

  3. From the pane on the left, select Project Defaults. The Project Defaults page opens.

  4. From the pane on the left, select Security.

  5. In the Login modes area, choose which of the following login modes is enabled or disabled, and which mode is the default.

    • If a user logs into MicroStrategy Web using Database Authentication, the Preferences page is not available.

    • If you selected Trusted Authentication Request mode, you must specify which application to use for single sign-on functionality. You can do this in the Default Server Properties page in MicroStrategy Web. For steps, see How to Enable Single Sign-On Authentication.

  6. Click Apply.

Related Topics

How to Enable the Web Guest User Account