TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59673 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 33c4eaca2e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '33c4eaca2e'
${ noResults }
openproject/docs/system-admin-guide/authentication/authentication-faq/README.md

63 lines
5.6 KiB
Raw Normal View History Unescape

Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
---
sidebar_navigation:
Changes of FAQ pages naming [ci skip]
4 years ago
title: Authentication FAQ
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
priority: 001
description: Frequently asked questions regarding authentication
robots: index, follow
keywords: authentication FAQ, LDAP, SAML, SSO
---
# Frequently asked questions (FAQ) for authentication
fix(docs): stop using https://docs.openproject.org; fix redirected links (#9400)
3 years ago
Additional information regarding the use of LDAP from a user management perspective can be found [in this FAQ section](../../users-permissions/users-permissions-faq).
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
## How do I set up OAuth / Google authentication in the Enterprise cloud?
The authentication via Google is already activated in the Enterprise cloud. Users who are invited to OpenProject, should be able to choose authentication via Google. There should be a Google button under the normal user name / password when you try to login.
## How can I disable the Google authentication?
Disabling the Google based authentication is currently not possible for cloud based installations.
For on premises installations the functionality can be deactivated the same way it was activated.
## Can we ensure that passwords are secure / have a high strength?
Expanding documentation (#9091) * changed screenshots for projects chapter * changed screenshots in gantt chart chapter * moved "aggregation by project" from work packages to Gantt chart chapter * changed some links * move reference to Excel sync out of Gantt chart chapter * small changes * add initial setup section for administrators to documentation Idea and main content from @ivangriggs Co-Authored-By: ivangriggs <77022874+ivangriggs@users.noreply.github.com> * smaller improvements to docs * improve documentation of manual and automatic scheduling mode * small improvements in docs * small changes * adding section for search options in OpenProject * move section about hourly rate defintion to system admin guide * formatting changes * explaining assignee filter options * change section header to make it detectable when searching for "projects overview" * clean up table of contents, make titles consistent, remove excessive space characters, etc. * update screenshots * changes to project overview docs * add screenshot for search bar * make info about aggregation of changes in activity and notifications easier detectable * small improvements * add info about non member and anonymous role * changes/additions * small changes * add additional options to access context menu * add sum feature for work package list to docs and change screenshot * add/improve info about email notifications * link fixes (necessary due to structural changes in documentation) * working in review comments * changes for time tracking activities * change screen shots for wiki - more functions section * change screenshots and improve description for meetings * improve detectability of mention feature * move FAQ in authentication * add how to reset password * improve explanation on how to un-archive projects * mention Mattermost integration * small correction
4 years ago
Password parameters for OpenProject can be configured on each OpenProject environment. Typically passwords require 10+ characters, as well as special characters. Please find the respective instruction [here](../authentication-settings/#configure-password-settings).
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
## How can a user change his/her authentication method?
Users who want to change their authentication method can just be re-invited. Go to *Administration -> Users* and click on the respective user. Then in the top there is a **Send invitation** button. This will allow the user to change their authentication method from password to Google and vice versa. They just have to click the link they will get via email and can choose to log in with the new method.
## I am an administrator of an on-premises installation of OpenProject. Our users can't login and when I send them a link to login they don't receive it. What can I do?
Probably it has something to do with the configuration of the email server if messages do not arrive. As a workaround, you can first [manually set a password](../../users-permissions/users/#manage-user-settings) for the users and send it to them by protected channels (then the users can log in in any case).
Expanding documentation (#9091) * changed screenshots for projects chapter * changed screenshots in gantt chart chapter * moved "aggregation by project" from work packages to Gantt chart chapter * changed some links * move reference to Excel sync out of Gantt chart chapter * small changes * add initial setup section for administrators to documentation Idea and main content from @ivangriggs Co-Authored-By: ivangriggs <77022874+ivangriggs@users.noreply.github.com> * smaller improvements to docs * improve documentation of manual and automatic scheduling mode * small improvements in docs * small changes * adding section for search options in OpenProject * move section about hourly rate defintion to system admin guide * formatting changes * explaining assignee filter options * change section header to make it detectable when searching for "projects overview" * clean up table of contents, make titles consistent, remove excessive space characters, etc. * update screenshots * changes to project overview docs * add screenshot for search bar * make info about aggregation of changes in activity and notifications easier detectable * small improvements * add info about non member and anonymous role * changes/additions * small changes * add additional options to access context menu * add sum feature for work package list to docs and change screenshot * add/improve info about email notifications * link fixes (necessary due to structural changes in documentation) * working in review comments * changes for time tracking activities * change screen shots for wiki - more functions section * change screenshots and improve description for meetings * improve detectability of mention feature * move FAQ in authentication * add how to reset password * improve explanation on how to un-archive projects * mention Mattermost integration * small correction
4 years ago
In addition, we ask you to check if there are general difficulties with sending emails. There is a possibility to send a test email (you can see it quite well [here](../../email/#configure-email-header-and-email-footer) in the screenshot (under point 3). If the test email arrives, then the email dispatch from OpenProject works. Otherwise you would have to look in the [server logs](../../../installation-and-operations/operation/monitoring), whether there is an error displayed when a user is invited again.
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
## Is it possible to only allow authentication via SSO (not via user name / password)?
Expanding documentation (#9091) * changed screenshots for projects chapter * changed screenshots in gantt chart chapter * moved "aggregation by project" from work packages to Gantt chart chapter * changed some links * move reference to Excel sync out of Gantt chart chapter * small changes * add initial setup section for administrators to documentation Idea and main content from @ivangriggs Co-Authored-By: ivangriggs <77022874+ivangriggs@users.noreply.github.com> * smaller improvements to docs * improve documentation of manual and automatic scheduling mode * small improvements in docs * small changes * adding section for search options in OpenProject * move section about hourly rate defintion to system admin guide * formatting changes * explaining assignee filter options * change section header to make it detectable when searching for "projects overview" * clean up table of contents, make titles consistent, remove excessive space characters, etc. * update screenshots * changes to project overview docs * add screenshot for search bar * make info about aggregation of changes in activity and notifications easier detectable * small improvements * add info about non member and anonymous role * changes/additions * small changes * add additional options to access context menu * add sum feature for work package list to docs and change screenshot * add/improve info about email notifications * link fixes (necessary due to structural changes in documentation) * working in review comments * changes for time tracking activities * change screen shots for wiki - more functions section * change screenshots and improve description for meetings * improve detectability of mention feature * move FAQ in authentication * add how to reset password * improve explanation on how to un-archive projects * mention Mattermost integration * small correction
4 years ago
Yes, for Enterprise on-premises and Community Edition there is a [configuration option](../../../installation-and-operations/configuration/#disable-password-login) to disable the password login.
## Which authentication providers are supported for single sign-on?
We do support the main authentication providers, such as CAS, SAML, OpenID Connect, Kerberos, and Okta. Please note that single sign-on is a premium feature and can only be activated for Enterprise cloud and Enterprise on-premises.
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
## Is it possible to use a custom SSO provider (e.g. Keycloak) with the Enterprise cloud edition?
It is possible to use Keycloak, but you can't configure it yourself at the moment as there's no user interface (UI) for custom SSO providers. We can set up the custom provider for you. Then you can access and edit it in the administration. You will be able to enter client ID and client secret via the OpenProject UI.
For context: The connection of custom SSO providers is also described [here](../../../installation-and-operations/misc/custom-openid-connect-providers/#custom-openid-connect-providers) (however, we would enter this configuration for your Enterprise cloud environment).
## I want to connect AD and LDAP to OpenProject. Which attribute for authentication sources does OpenProject use?
You can freely define the attributes that are taken from LDAP sources [in the LDAP auth source configuration screen](../ldap-authentication/).
For group synchronization, OpenProject supports the AD/LDAP standard for groups via "member / memberOf". The attribute cannot be configured at this time.
## Is there an option to mass-create users in OpenProject via the LDAP?
Fix various docs typos
3 years ago
There's no such option at the moment. However, you can activate the on-the-fly user creation for LDAP authentication. This means: An OpenProject user account will be created automatically when a user logs in to OpenProject via LDAP the first time.
Add FAQ sections and FAQs (#9065) * first batch of changes for FAQ [ci skip] * second batch for FAQ [ci skip] * added reference to FAQ on pricing website [ci skip] * small changes [ci skip] * moved one FAQ [ci skip] * some corrections [ci skip] * third batch of changes for adding FAQs [ci skip] * added separate section for FAQ [ci skip] * small corrections including direct link to pricing FAQ [ci skip] * moving FAQ in new structure part 1 [ci skip] * moving FAQ in new structure part 2 [ci skip] * fourth batch of adding FAQ [ci skip] * fifth batch of FAQ changes [ci skip] * sixth batch of FAQ added [ci skip] * seventh batch of FAQ added [ci skip] * small changes to explanation of work package relations [ci skip] * eighth batch of FAQ additions [ci skip] * ninth batch of FAQ additions [ci skip] * solving merge issues [ci skip] * removed FAQ [ci skip] * add FAQ from Manage members section [ci skip] * typo [ci skip] * small changes [ci skip] * adding new FAQ [ci skip] * Shorten file paths to avoid Windows errors * adding or changing FAQs [ci skip] * corrections and additions [ci skip] * changing/adding hierarchy and more [ci skip] * restructuring [ci skip] * restructure, correct, change [ci skip] * additional FAQs [ci skip] * move 2 FAQs regarding boards [ci skip] * Links to other FAQ pages, support options [ci skip] Co-authored-by: Aleix Suau <info@macrofonoestudio.es>
4 years ago
## I would like to assign work packages to users from different authentication sources (AD and OpenLDAP). Is this possible without the admin creating groups manually?
OpenProject supports creating groups and staffing them with users based on information found in an LDAP (or AD). This is called [LDAP group synchronization](../ldap-authentication/ldap-group-synchronization/#synchronize-ldap-and-openproject-groups-premium-feature). The groups are created based on the name. So theoretically, it should be possible to have a single group that gets staffed by the information found in multiple LDAPs. This scenario has not been tested yet. Therefore, we cannot promise that it will work for sure. There is currently no other option.
Assigning work packages to multiple assignees is expected to be implemented in 2021. Once it is implemented, the source the user is defined in is no longer relevant.