Below is a list of settings within the PROXY Pro Authentication Manager (formerly known as Proxy Identity Manager or PIM).
Identity Manager URL: This is the canonical URL by which the Authentication Manager component is accessed. Note that there must be one URL accessible by both internal and external network users.
Web Console URL (Internal Network): This is the canonical URL by which the Web Console (root application) component is accessed. This URL is used for users on the internal network.
Example: https://servername/
Installation Default Value: https://servername/
Web Console URL (External Network): This is the canonical URL by which the Web Console (root application) component is accessed. This URL is used for users on the external network.
Example: https://servername/
Installation Default Value: https://servername/
Allow local Active Directory login: This value is True to allow authentication using Windows Authentication and local machine or Active Directory accounts. This value must be True to allow programmatic (SDK) access to the system. If False, the Entra ID configuration must be set up, and those accounts are used exclusively.
Description: Set to TRUE to allow local Active Directory login
Installation Default Value: True
Use LDAPS for directory services - This setting only applies if "Allow local AD login" is True. When this is True, PROXY Pro makes LDAP queries to Active Directory via the LDAPS protocol, which must be enabled in the domain.
Set to TRUE to require use of LDAPS (LDAP over SSL) instead of unencrypted LDAP when accessing Active Directory
Installation Default Value: False
6. Allow installed Master to Single Sign On: This setting only applies if "Allow local AD login" is True. When this is True, PROXY Pro Master and other fat-client applications can perform single sign-on using Windows Authentication, and these clients do not provide a choice to use Entra ID authentication. To allow Entra ID authentication from PROXY Pro Master and other fat clients, set this value to False.
Set to TRUE to allow installed Master to SSO with Windows login credentials; otherwise, requires browser-based login
Installation Default Value: True
7. Prefer UPN name format: This setting only applies if "Allow local AD login" is True. When this is True, accounts from Active Directory domains are displayed in UPN format. Machine local accounts are always displayed in SAM format.
Set to TRUE to prefer User Principal Name (user@domain) over SAM (DOMAIN\user) account format
Default Installation Value: True
8. Allow Entra ID login: This value is True to enable authentication with Entra ID. The four Entra ID settings that follow must be filled in correctly for Entra ID integration to work
Set to TRUE to allow Entra ID login; Entra settings must be filled in
Installation Default Value: False
9. Entra ID Domain: The Entra ID domain name. For test domains, this is typically something.onmicrosoft.com; or this is a more recognizable name if you have registered and configured a custom domain in your directory.
This is the domain name of the directory containing the user accounts
Default Installation Value: Blank
10. Entra Application Client ID (aka Client ID): The Entra Applcation ID (also formerly called the Application Key).
This is the Application ID found in the Entra management portal, under Application Registrations
Installation Default Value: Blank
11. Entra ID Client Secret (aka Application Key): The Enta Client Secret for the application registration.
This is the application password found in the Entra ID management portal under Application Registration > Certificates and Secrets > Client Secrets
Installation Default Value: Blank
12. Require Entra ID for web-based application logins: This setting only applies if "Allow local AD login" is True, and "Allow Entra ID login" is True. When this value is False (the default), users logging into the Web Console (e.g. via the LOGIN button) are given a choice of entering Windows Account credentials (e.g. local domain account), or clicking the Entra ID button in the "Login using Cloud Identity Provider" section. When this value is True, this screen is not presented, and users are automatically directed to login with an Entra ID account. [Introduced in v10.3 HF#2]
Set to TRUE to cause the login path to immediately redirect to Entra ID and disallow local account login; otherwise user has choice of local account or Entra ID login if both are enabled.
Installation Default Value: False
13. Allow access to LOGIN button from external addresses
The Web Console "landing page" provides access to both the Host on Demand functionality ("SHARE" button), and the Web Console ("LOGIN" button). When this value is FALSE, access to the Web Console and Identity Manager login is restricted for users at external network addresses.
