Web Client login options

The following Web Client login options are available:

Login with Identity Provider: This option is available when Azure AD authentication is enabled. Web Client redirects the user to the Azure AD login page, where they can authenticate independently from Equitrac.
Login with a Windows user account: A valid User ID and Password verified in the configured Active Directory. To manage the whole product, the provided Windows account should belong to the 'Admin' group of the product. To manage accounts only, the provided Windows account should belong to the 'Accounts' group of the product.
Login with PIN1 and PIN2: The primary PIN acts as the login name and the secondary PIN acts as password. This authentication mode does not work with the Single Sign-On feature of Web Client.
Login with PIN1 and external password: The primary PIN acts as the login name and external password acts as password. This authentication mode does not work with the Single Sign-On feature of Web Client.

Web Client login options can be configured on the Authentication Options screen in Web System Manager. See User authentication for details.

To access Web Client open a web browser and enter https://<web_server_name OR ip address>/EQWebClient in the Address field to open the login page. Alternatively, go to Start > Kofax > Web Client to open the login page.

A self-signed certificate is generated and configured for Web Client during installation. This certificate has no real certification chain, and may display warnings for the end users. To avoid this the customer can set the company's certificate in IIS for Web Client.

If only Equitrac authentication is enabled, the User ID and Password prompts are displayed.
If only Azure Active Directory authentication is enabled, a Login with Identity Provider button to start Azure AD authentication is displayed.
If both Equitrac and Azure AD authentication are configured, then the user has the option to login with either method.

After a successful login, Web Client behaves based on the roles of the logged-in user:

If the logged-in user has administrator role, the user is logged-in to Web System Manager.
If the logged-in user has a matching Equitrac user, the user is logged-in with 'user' role, as a regular Equitrac user. They will see a landing page with the applications available to them.
If your user rights allow access to a single Web Client application, the landing page is not displayed and you are automatically redirected to that application. If you do not have sufficient rights to any of the Web Client applications, only an informational message is shown.
If the logged-in user has both 'admin' and 'user' roles, the user is logged-in to Web System Manager, but they can switch between the roles.

When the Login with Identity Provider button to start Azure AD authentication is activated, Web Client redirects to the Azure AD login page, where the user can authenticate independently from Equitrac.

If the user cancels the Azure AD login page, or authentication fails, the user is redirected back to Web Client, where the login screen appears again with a related message. Once authentication is done successfully, the user is redirected back to Web Client, where the login operation continues.

The following prerequisites are needed for Azure AD authentication:

ControlSuite must be registered in the Azure AD tenant. See Register ControlSuite in Azure Active Directory.
In Configuration Assistant the Azure AD authentication must be enabled and the connection parameters must be set correctly. See User authentication.