Sign-in Problems: Azure OK, Standard login & I'm an agent Failing

Muneer-Jahangeer

This is my second post, and the first one was already fixed on the same day (thank you so much for this). I have configured all our users for Azure, and they can log in using the 'Sign-in with Azure' option. However, when we try to use the same credentials for the other two login options, it says 'Access is denied.' I've tried both standard and admin logins, and both have the same issues. Could you please assist with this?

KevinTheJedi

Muneer-Jahangeer

For Users, they might be tied specifically to the Azure login. Go to your database and check the _user_account table. The backend values should be NULL if you want them to use any authentication backend. If it's set to something specific they will be locked in to using only that authentication method.

As far as Agents go, you have to create them first. Agents need Department access, role permissions, etc. configured first so SSO doesn't auto-register them. Also, when creating the Agent you have the option to send them a welcome email with a link to activate their account and set their password -or- to uncheck that option and manually set a password and you relay that to the agent. However, if you use the welcome email option they must click the link within 30 minutes otherwise it will expire and you will either need to resend the email or manually set a password for them.

If the Agent does exist then you need to make sure that they are also not locked in to a specific authentication backend. Go to Admin Panel > Agents > Agents, click an Agent, and check their Authentication Backend setting.

Cheers.

Muneer-Jahangeer

KevinTheJedi

Apologies for the delayed response; I was off yesterday. Following the suggestion, I edited the ost_user_account table, setting the backend default value to NULL. Additionally, I checked the Admin panel -> Agents -> Agents, and confirmed that the authentication backend is set to use any available backend. However, when I logged into the standard window, I encountered an 'access denied' error

KevinTheJedi

Muneer-Jahangeer

So just to clarify the _user_account table only relates to the Users. The _staff table is for the Agents. From your screenshots it looks like you are trying to login as an Agent. If you are logging in using the local username/email and password and get Access Denied that means the password is incorrect.

Keep in mind that if you type the username and password on the login screen that only uses local osTicket authentication. This does not communicate to your IdP. So this means each Agent/User must set their password within the system if they want to use local authentication. The password from your IdP does not carry over to osTicket that would defeat the purpose of SSO. So if you want them to use SSO you must click the button.

Cheers.

Muneer-Jahangeer

KevinTheJedi

Got it. Thank you for providing a detailed description of this issue.
We have informed all our users to utilize the 'Sign with Azure' option for automatic sign-in. However, some missed our communication and continue to sign in with the other option. Is there an option to disable the other two sign-in methods and only allow 'Sign in with Azure'?

KevinTheJedi

Muneer-Jahangeer

There is no way to hide the login form unfortunately. You must customize the codebase to accomplish this.

Cheers.

Muneer-Jahangeer

KevinTheJedi

If possible, could you please inform me of the file I need to edit to disable the option? I will manage to do that.

ciscomax111

Just go to > "osTicket/upload/include/client" directory edit "login.inc.php" Line 23 >
" <div class="login-box" style="display:none"> "
You will not see the local Login on User interface