Authentication

Configuration Name	Description	Default Value	Tags
Truncate User Name	Truncate username at the time of login if user is using user principal name	True	-
Directory Service Test Connection Retry Count	Number of fail attempt before switching directory service	1	-
User Authorization Control	If true HyWorks fetches user's group and OU information from configured active directory authentication server. Disabling it will cause entitlements not working done using user groups or OUs. It can be disabled in deployments where major performance or slowness is observed due to group fetching from active directory authentication server, but the deployment must use only user based entitlements. Recommended to keep it as true only.	True	Control, Authentication Domain
User Authentication Control	Authenticating user with configured authentication server. Recommended to keep it as true. But in workgroup environments where user password may be different on front-end HySecure server and HyWorks, authentication can be kept as false as user will get authenticated via HySecure but will get authentication failure in HyWorks because of use of different authentication server. Note: Keeping it as false, will make HyWorks to allow logon of users without authentication.	True	Control, Authentication Domain
AD user change password type	For user password change type, there are 2 ways 1:DirectoryEntry, 2:PrincipalContext	1	-
Login Options	To login user, there are two option: 0:Default behavior is reconnect SHD and App Session, 1:Cleanup SHD and App Session	0	-
Logged In User Name Override	HyLite will Override logged in User Name sent by the HyWorks if value set to True	True	-
Active directory options	Following four options change AD authorization: 1: GroupPrincipal, 2: DirectoryEntry, 3: GroupPrincipalAndDirectoryEntry, 4:DirectoryEntryAndGroupPrincipal, 5: DirectorySearcher.There is one more that change AD authentication and authorization i.e. 6:LDAP Searcher. Default method is 3.	6	Control, Authentication Domain