With Mixed Authentication, you may use two different authentication types in your Bizagi solution.
Mixed Authentication is the common choice in projects which have users from more than one domain, mainly because in such scenarios there are users which do not belong to the same corporate domain as back-end employees (e.g. Lawyers participating in Credit Request Processes in a Bank).
For instance, if your project is to be accessed from the Intranet by a certain type of users, and from the Internet as well by another set of users, you may configure Mixed Authentication using both Windows Authentication and Bizagi Authentication.
Through this approach, Intranet users could authenticate using Windows Authentication, and Internet users could authenticate by Bizagi Authentication type.
With Mixed Authentication, you will need to set Bizagi Authentication as one of the two authentication types.
For further information, refer to Bizagi Authentication.
The other authentication type can be set to either: Windows Authentication, or Custom Authentication (applies to Bizagi .NET).
For more information refer to Windows Authentication.
For more information refer to Custom Authentication.
•This feature is not eligible for Automation Service.
•If you need to configure an Authentication type which is not supported by Mixed Authentication, configure Multiple Authentication.
When using Windows authentication in the Mixed authentication, note that Windows will have priority over Bizagi authentication (meaning that Windows credentials are automatically first identified for log in).
If you plan on using an authentication method different than Bizagi and you are performing a deployment to an environment with no users on it (normally this would only be the case for a project's first deployment), follow these steps so that you can correctly configure your users and authentication without getting locked out of the Work Portal:
1.Perform the deployment with the authentication method set to Bizagi. This lets you access the Work Portal as the Admon user without providing any credentials.
2.Once in the Work Portal you can manually enter your users, or alternatively you can rely on the method of your choice to synchronize your users' information into the WFUser table (SOAP, Excel file, LDAP Synchronization, or performing a Data Synchronization procedure).
3.Perform an IISRESET so that the Admon user can no longer access the Work Portal.
4.After having your users registered in the Work Portal, use the Management Console to set the authentication method to your preferred one.
If you plan on using LDAP authentication with periodic users synchronization, you may ignore the previous steps since you will only need to wait until the next synchronization happens for your users to be able to log into the Work Portal.
Setting Mixed Authentication
To set Mixed Authentication, select Mixed Authentication from the drop-down list:
Click on the Update button.
The following options presented as inner items must be configured:
•Bizagi Authentication: Its inner options may be configured the same as when using Bizagi Authentication.
•Bizagi Domain: Specify the name of the domain for the users who will be authenticated using Bizagi Authentication.
•Other Authentication type: Select which other type of authentication will be used (Windows or Custom).
Further configuration is presented according to the second type of authentication to be used alongside Bizagi Authentication in the Mixed Authentication.
Therefore, when updating the Other type of Authentication option, you will have to configure either the Windows or Custom Authentication inner options (in the same way as you would do when choosing Windows Authentication or Custom Authentication).