Does mojoportal lock out inactive users in AD?

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
12/21/2012 11:56:26 AM
lmullan
Gravatar
Total Posts 46
View Posts

Does mojoportal lock out inactive users in AD?

Does mojoportal check against active directory every time a user logs in?  So if a users account is inactivated within active directory, are they then no longer able to log into mojoportal?

12/21/2012 12:14:55 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Does mojoportal lock out inactive users in AD?

It depends on whether you have "Allow Persistent Authentication Cookie?" checked in site settings. If it is checked then the user may still have a valid authentication cookie if he checked "Remember Me" on the login page before he logged in, then the user is still logged in. Checks against AD only happen at login time. If that box is not checked then the cookie lasts only for the duration of the browser session, ie if the user closes his browser he must login again. But if it is checked the cookie persists beyond the browser session for the amount of time specified in the timeout property on the <forms element in web.config. The latest version of mojoPortal has that configured as 20160 minutes which is about 2 weeks but older versions had a much longer value there.

However, you can also lock the user out from the manage user page by looking the user up on the member list and click the manage link. If you lock him out there then his cookie will be cleared automatically as soon as he visits the site, ie he will be forcfully logged out and then if he tries to login again it will fail since he no longer has a valid AD account.

Hope that helps,

Joe

12/21/2012 12:17:43 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Does mojoportal lock out inactive users in AD?

Actually if you lock him out from the manage user page in mojoPortal he could not login anymore even if he did have a valid AD account.

12/21/2012 12:24:38 PM
lmullan
Gravatar
Total Posts 46
View Posts

Re: Does mojoportal lock out inactive users in AD?

We do not allow persistent authentication cookies.  So since that is the case, if the user tries to log in and their active directory account has been inactivated, they will not be allowed to log into the site.  Correct?

 

I know I can lock them out with manage user, but we have 1500 employees and I'm not in the know always when employee accounts are inactivated.

12/21/2012 12:34:44 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Does mojoportal lock out inactive users in AD?

correct

You must sign in to post in the forums. This thread is closed to new posts.