There are five tabs in the IFS Middleware Server Admin console Security pane. These configure different aspects of user authentication. These pages can be found by navigating to common/security in the IFS Middleware Server Admin Console menu.
These tabs contain settings related to the identity asserters of the associated application types and contain the main bulk of the OAuth2 and OpenID Connect settings. After a fresh installation, all Identity Asserters are configured to use the IFS Database Identity Provider for OpenID Connect authentication (with randomized client IDs and secrets) and Compatibility Mode is set up with LDAP disabled. As such, authentication using the IFS Database as the user registry is functional with no further action required on behalf of the administrator. The client details associated with an identity asserter that relies on the IFS Database Identity Provider can be regenerated should the need arrise (it is reccommended to do this after cloning an environment, both on the clone and the original, to keep the client details unique for the environments).
In case Azure AD or ADFS should be used for one or more of the application types, the identity asserters must be reconfigured to use those external identity providers instead. Refer to the sections about configuring Azure AD and configuring ADFS for more information about what configuration is needed for these identity providers.
This tab contains information and configuration options related to the IFS Database Identity Provider. In order to use IFS Touch Apps, some configuration must be done in this tab. It also provides branding options for the user experience of the login page of the identity provider, enabling customers to replace the IFS look and feel with their own branding. Refer to the section about configuring the IFS Database Identity Provider for more information on the subject.
This tab contains the settings related to compatibility mode. After a fresh installation, the IFS database is set up as the user registry of IFS Applications and LDAP is disabled. In this tab, LDAP can be configured and enabled, and the cache used by the compatibility mode database authenticator can be configured. See the section about configuring compatibility mode for more information on the subject.