Assisted Login Profiles

Assisted Login Profiles define the rules and participants for approver-based authentication workflows. An approver validates the identity of a requesting user before granting access. Mideye Server supports two profile types: Normal (LDAP-backed) and Federation (identity-provider-backed).

Navigate to Server Settings → Assisted Login Profiles to manage profiles.

Profile List

The list view displays all configured assisted login profiles in a sortable data grid.

Column	Description
Profile name	Unique name identifying the profile. Default sort column (ascending).
Federation	Boolean indicator — checked if the profile is a federation profile.
Action	Edit and Delete buttons (visible to administrators only).

Creating a Profile

Click the Settings button to choose between:

• Add a Normal Profile — creates a profile backed by LDAP directory groups.
• Add a Federation Profile — creates a profile backed by an external identity provider (e.g., Entra ID).

The profile type determines which tabs and fields appear in the editor.

Profile Editor

The editor uses a tabbed form. Normal profiles display four tabs; federation profiles display three (the Additional Challenges tab is hidden).

General Tab

Normal Profiles

Field	Description	Default
Profile name	Unique identifier. Validated asynchronously against existing names. Max 255 characters.	—
Notification attribute	LDAP attribute used to identify the user in notifications. Max 100 characters.	displayName
Session timeout	Maximum session duration in seconds.	120
Idle timeout	Inactivity timeout in seconds before the session expires.	96
Groups matching part in CN	When enabled, allows partial matching of group common names.	Disabled

Federation Profiles

Field	Description	Default
Profile name	Unique identifier. Same validation as normal profiles.	—
Resource	Federation resource identifier (e.g., application URI).	—

Approver Tab

Defines who is authorized to approve authentication requests.

Normal Profiles Only

• Approver Id attribute — a multi-tag input specifying which LDAP attributes identify an approver. Default tags: sAMAccountName, mobile, userPrincipalName, mobilePhone, mail, uid. At least one attribute is required.
• Require Manager — when enabled, the approver must be the requesting user’s manager in the directory.

Both Profile Types

• Approver Groups — a dynamic list of group names. For federation profiles, specify groups using the full Distinguished Name.
• Approver Identities — a dynamic list of individual approver identifiers. For federation profiles, use userPrincipalName. The value root is explicitly blocked.

User Tab

Defines which users may request assisted login through this profile.

Normal Profiles Only

• User Groups — a dynamic list of LDAP group names whose members may request assisted login.

Both Profile Types

• User Identities — a dynamic list of individual user identifiers. For federation profiles, specify users with userPrincipalName, domain, or regular expression. The value root is explicitly blocked.

Additional Challenges Tab

Available for normal profiles only. Adds custom challenge questions that the user must answer during the assisted login flow.

Each challenge entry contains:

Field	Description
Question	The challenge question displayed to the user. Required, max 255 characters.
Title	Label for the response field. Required, max 255 characters.

Click the add button to insert a new challenge. Each challenge includes a delete button for removal. The list is scrollable when many challenges are configured.

Note

Only one challenge page per profile is supported. The server rejects profiles with more than one challenge page.

Permissions

Action	Required Role
View profiles	Any authenticated user
Create, edit, or delete profiles	Administrator or above