User authorization: Overview

For each Kofax ReadSoft Invoices module you can enable or disable user authorization.

If user authorization is enabled

  • A user who starts the module must be authorized to do so. There are two types of user authorization:
    • Local user – Kofax ReadSoft Invoices' built-in system to control user access. Users must enter a user name and password to log in to the module. Enabled by default.
    • Network authentication – Uses Microsoft Windows users and groups to control access to Kofax ReadSoft Invoices.

      When Kofax ReadSoft Invoices starts, the currently logged-in user is checked using Windows credentials. If the user exists in the Kofax ReadSoft Invoices database, the user is logged in without any additional password check, and the user has the rights specified in the user profile.

      If no user is found, local authorization is used instead.

      If a user belongs to more than one group, the first group that the user belongs to (in alphabetical order) is used.

      Limitation: In order for a user to be logged in as a member of a group, he must be a direct member of that group. He cannot be a member indirectly, for example if another group that he belongs to is a member of the group that has permission to access the module.

      Tip: Installing and Configuring Microsoft SQL Server describes how to set up Windows users and Windows groups.

      You determine which system you use when you define a user (User selection settings).

If user authorization is disabled

  • Any person who has "read" access to the Kofax ReadSoft Invoices program can start the module.
  • All users have full administrator rights to the module.

The process behind user authorization

When a user starts a Kofax ReadSoft Invoices module, database authentication is performed first. Then:

  1. Kofax ReadSoft Invoices checks whether user authorization is enabled for the module. If not, the module starts and the user has complete access to all functionality within the module.
  2. If user authorization is enabled, Kofax ReadSoft Invoices retrieves the name of the currently logged-on Windows user, what domain the user is logged on to, and what groups the user belongs to.
  3. Kofax ReadSoft Invoices compares this information with the Domain and Account or Domain and Group data that was saved in its database when users were defined, and looks for a match.
  4. If a match is found, Kofax ReadSoft Invoices checks whether the user has access rights to the module.
  5. If both of the previous steps are true, the module starts.
    Note: Only the names of domains, users, and groups are checked. Users’ Windows passwords are not used or validated in any way.
  6. If no match is found in step 3, or if the currently logged-on Windows user was found in step 4 not to have permission to use the module, the user is prompted to log on as a local user.

    Note that this is the Kofax ReadSoft Invoices user name and password, not the Windows user name and password.

  7. Kofax ReadSoft Invoices compares the login information that the user provides with the details saved in its database. If a match is found, the user is logged on. Otherwise, an error message is displayed and the Login dialog is displayed again until “correct” credentials are supplied or the user clicks Cancel.
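The decision flow in steps 1 to 7, written out as a small Python model. This is an added example, not Kofax code: the `Directory` class, the function names, the module names and the sample users are constructed for illustration. It assumes that account entries are checked before group entries and that the alphabetical rule applies to the groups that match a database entry; the page does not specify either.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Constructed stand-in for the user definitions saved in the product database."""
    accounts: dict = field(default_factory=dict)  # (domain, account) -> set of allowed modules
    groups: dict = field(default_factory=dict)    # (domain, group)   -> set of allowed modules
    local: dict = field(default_factory=dict)     # local user name   -> password (model only)

def resolve_windows(db, domain, account, direct_groups):
    """Step 3: match on names only; no Windows password is ever checked."""
    if (domain, account) in db.accounts:   # assumption: account entries win over groups
        return db.accounts[(domain, account)]
    # Only direct memberships count; the alphabetically first matching group is used.
    matches = sorted(g for g in direct_groups if (domain, g) in db.groups)
    return db.groups[(domain, matches[0])] if matches else None

def start_module(db, module, auth_enabled, domain, account, direct_groups, local_login=None):
    if not auth_enabled:                                   # step 1
        return "started: full access, no identity check"
    allowed = resolve_windows(db, domain, account, direct_groups)  # steps 2-3
    if allowed is not None and module in allowed:          # steps 4-5
        return "started: Windows identity"
    if local_login is None:                                # step 6
        return "prompt: local login"
    name, password = local_login                           # step 7
    stored = db.local.get(name)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return "started: local user"
    return "prompt: local login"

# Constructed sample data (names are placeholders, not from the product).
SAMPLE_DB = Directory(
    groups={("CORP", "ap-clerks"): {"module_a"},
            ("CORP", "finance"): {"module_a", "module_b"}},
    local={"svc_local": "constructed-password"},
)

if __name__ == "__main__":
    # Direct member of both groups: "ap-clerks" sorts first and lacks module_b.
    print(start_module(SAMPLE_DB, "module_b", True, "CORP", "alice", ["finance", "ap-clerks"]))
    # Indirect (nested) membership in "finance" is not in direct_groups, so no match.
    print(start_module(SAMPLE_DB, "module_a", True, "CORP", "bob", ["staff"]))
    # Authorization disabled: anyone who can run the program gets full access.
    print(start_module(SAMPLE_DB, "module_b", False, "CORP", "bob", []))
```

Because the Windows path trusts names alone, an audit of this setup should cover who can create or rename accounts and groups in the domains listed in the database, and which modules still have authorization disabled.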