Authentication

HEAT enforces authentication through internal or external means when you log in. These are specified by checking one or both of the following when creating an employee account:

• Enable Internal Auth: Employs a user name and password stored in the HEAT database for authentication purposes. You need to supply the password used for this employee account.
• Enable External Auth: Permits the use of Microsoft Active Directory (secured using HTTPS) authentication. You need to supply LDAP server login credentials. It can differ from the ID used for internal authentication, and can contain a domain prefix.

If you enforce additional policies, such as password expiration and password complexity, to strengthen security, you should enable external authentication (authenticate against an external ID such as user@example.com).

If you enable both authentication protocols, HEAT attempts internal authentication first. If the authentication fails, external authentication is attempted. For example, if your internal authentication ID of bernard.jeffries fails, HEAT then tries the external ID domainname/bjeffries.

As of HEAT Release 2014.3, the active session is removed when the user closes the browser window in Microsoft Internet Explorer and Mozilla Firefox, freeing the license for other users. Google Chrome does not log out users when they close the window, but rather keeps the sessions open, allowing users to resume their session at a later time.