Zum Hauptinhalt springen
Deutsch
|
English

AZURELOGINACTIVE - Detailed description

FM-Portal

IC2868
Administrator
FM-Portal

Overview

Parameter: AZURELOGINACTIVE
Category: Login
Default value: 1 (enabled)
Product: eTASK.Login

What does this parameter do?

AZURELOGINACTIVE controls whether the "Sign in with Microsoft" button is displayed on the portal login page. This parameter serves as an on/off switch for the Azure Active Directory login option and allows you to quickly enable or disable Azure login without changing the Azure configuration (AZURECLIENTID, AZURETENANTID).

What is this parameter used for?

The parameter is used when:

  • You want to control the visibility of the Azure sign-in button on the login page

  • You need to temporarily disable Azure sign-in without deleting the configuration

  • You want to switch between different login methods

  • You want to disable Azure sign-in for maintenance or testing

  • You are migrating from classic to Azure sign-in in stages

Technical Details

Format: String with a numeric value
Default value: "1"

Valid values:

  • "1" = Azure sign-in button is displayed (enabled)

  • "0" = Azure sign-in button is hidden (disabled)

Important notes:

  • This parameter works in conjunction with AZURECLIENTID—both conditions must be met

  • Even when the parameter is active (value 1), the button is only displayed if AZURECLIENTID contains a value

  • The value is stored as a string, not as a number

  • Changes take effect immediately—no restart required

When should you change this value?

Set the value to "1" (enable) if:

  • You want to enable Azure sign-in for your users

  • The Azure configuration (AZURECLIENTID, AZURETENANTID) is fully set up

  • You want to give users a choice between different sign-in methods

  • You want to put Azure sign-in into production after testing is complete

Set the value to "0" (disable) if:

  • You need to temporarily take Azure sign-in offline

  • You encounter issues with Azure authentication and need time to troubleshoot

  • You want to use only classic sign-in methods

  • Maintenance work is being performed on the Azure configuration

Important Notes

  1. Dependency on AZURECLIENTID
    This parameter alone is not sufficient. The Azure button is only displayed if AZURELOGINACTIVE is set to 1 AND AZURECLIENTID contains a value. Both conditions must be met.

  2. Immediate effect
    Changes to this parameter take effect immediately. Users who reload the login page will see the button either appear or disappear.

  3. No effect on existing sessions
    Users who are already logged in remain logged in. The parameter only affects the login page and new login attempts.

  4. Useful for maintenance windows
    You can disable Azure sign-in without deleting the entire Azure configuration. Simply set it back to 1 after maintenance.

  5. Default value is enabled
    The default value of 1 means that Azure login is enabled by default as soon as AZURECLIENTID has been configured.

Security

Does changing this parameter affect security?

No, changing this parameter has no direct security implications. The parameter only controls the visibility of a button, not the security of the authentication itself.

Benefits: * Enables quick deactivation of Azure sign-in during security incidents * No impact on the security of users who are already signed in * Provides control over available sign-in methods

Important: * Disabling Azure sign-in (value 0) may lock out users who only have Azure accounts * Ensure that alternative sign-in methods are available before disabling Azure sign-in * If you encounter issues with Azure, you can quickly switch to classic sign-in

Recommendation: Use this parameter as an emergency switch to quickly disable Azure sign-in if necessary. Ensure that at least one administrator account uses classic sign-in before relying exclusively on Azure sign-in.

Practical example

Initial situation: A company has configured Azure login and is using it in production. Microsoft reports an issue with Azure Active Directory that is expected to last 2 hours. The company wants to switch to classic login during this time.

Configuration: 1. Administrator logs in to the portal 2. Opens the system configuration 3. Changes AZURELOGINACTIVE from "1" to "0" 4. Saves the change

After the change:

  • Users who visit the sign-in page no longer see an Azure button

  • Instead, they use the classic username/password login

  • Users who are already logged in can continue working without interruption

  • Once the Azure issue is resolved, the parameter will be set back to "1" set

Result: The company was able to prevent downtime. Users could continue to log in with their local credentials during the Azure outage. After 2 hours, Azure login was reactivated with a single click.

Recommended setting

For standard installations:"1"(enabled)

Reason:

  • Azure sign-in provides modern, secure authentication

  • Users benefit from single sign-on with Microsoft 365

  • The button is only displayed anyway if AZURECLIENTID is configured

  • Default value enables immediate use after Azure configuration

Exceptions (temporary deactivation):

  • Set the value to "0"if you need to temporarily disable Azure sign-in

  • Use "0" during the test phase until the Azure configuration has been fully verified

  • Use "0" as an emergency switch in case of Azure issues

Tip: Keep this parameter set to "1"even if you are not yet using Azure login. The button will only appear once AZURECLIENTID has a value. This allows you to prepare for Azure integration without confusing users.

War dieser Artikel hilfreich?