Authentication Upgrade: Redesigned Form and Password Saving

1C Developer team

05.11.2024 5 min

The 1C:Enterprise platform supports various ways to authenticate users: authentication by the platform itself, OS authentication, OpenID authentication, and so on.

Currently, the way different authentication methods are linked may seem counterintuitive to the user. For example, switching between different authentication methods requires clicking the Cancel button.

In version 8.3.26, we decided to make the authentication process more understandable and transparent for users. It is now possible to set a preferred authentication type as the default. Also, users can now save their passwords.

The authentication form will display all authentication methods available for the publication. In the example below, the publication is configured with the following authentication types:

      1. 1C:Enterprise authentication (with the option to log in using a QR code). Displayed with a key icon.
      2. OpenID authentication. Displayed with an icon of two keys.
      3. Multiple OpenID Connect authentication providers:
            1. A provider with an unconfigured image in the VRD file (arrow icon).
            2. VKontakte.
            3. Google.

Аутотентификация_PIC_1.png

The "Need help?" hyperlink is now displayed next to the window close button (cross icon). The hyperlink now appears only as a question mark icon instead of the text "Need help?". Hovering over the question mark displays the tooltip "Need help?".

If authentication was previously successful and the credentials were saved on the computer being used, the authentication form will not appear when entering the infobase (if this mode is enabled by the administrator and the user has selected the corresponding checkbox). Instead, the user will be logged in to the infobase until the saved credentials expire or until the user explicitly terminates the application (using the Exit item in the system menu).

The available authentication options are configured on the server in the VRD file. The authentication method listed first is used by default.

Below is an example of the authentication section of a VRD file. The standard authentication method is used by default, then comes the QR code authentication (which is hidden by setting the visible attribute to false and will not be shown in the dialog). Next is OpenID (the visible attribute is not explicitly specified, which means that the authentication method is available) and OpenID Connect (the value of the visible attribute is explicitly specified).

Аутотентификация_PIC_1_2.png

This new functionality will provide users of our products with a user-friendly, intuitive authentication interface and save time (when using the option to save the password).

QR Code Authentication

At the request of our partners and customers, in version 8.3.26, we have added the option to authenticate using a QR code.

To use QR code authentication, the respective option must be enabled by the administrator for the user:

Аутотентификация_PIC_2.png

When authenticating in a thin or web client, a QR code authentication option will appear in the login window:

Аутотентификация_PIC_1.png

A click on this button will display a QR code on the screen:

Аутотентификация_PIC_3.png

After that, you will need to launch the mobile client of the corresponding application on your mobile device and go to the Tools and Settings \ Login on another device section:

Mobile_En.png

When you select this menu item, the mobile device's camera will turn on. You will need to scan the QR code from the thin or web client screen, and after a while, the user will be authenticated in the thin or web client.

To use QR code authentication, you will also need to configure the web publication of the infobase in a specific way (described in detail in the documentation).

The 1C:Enterprise language has been extended to support the new functionality.

This new functionality improves system security. There is no need to enter a password, which means that when working in an untrusted environment (internet cafe, public Wi-Fi), the entered password cannot be seen by an attacker or read through a keylogger. In addition, the security policies of some organizations require passwordless authentication for corporate applications, and now we support this requirement.
