Authentication

  • Updated on May 6, 2025
  • Published on Oct 31, 2023
  • 7 minute(s) read
Prev Next

Overview

All users who need to log in to ReportWORQ require authentication credentials and licenses. By default, ReportWORQ uses its Native authentication provider. Alternatively, you can configure ReportWORQ to use Microsoft Entra ID (Azure Active Directory), Google Authenticator, or Custom OpenID Connect (OIDC) authentication.

Users who do not need to log in to ReportWORQ, such as consumers of distributed reports, do not require licenses or authentication credentials.

This article describes how to set up an authentication provider, manage user accounts, and assign licenses for ReportWORQ features. Major topics include the following:

Note: ReportWORQ uses AES encryption to store passwords and connection strings at rest.

To access the Authentication interface:

  1. Log in to ReportWORQ using an Administrator account.
    Tip: An Administrator account was created during the Initial Configuration of ReportWORQ.

  2. Select the gear icon at the top of ReportWORQ.

  3. From the Administration menu, select Authentication.
    The Authentication interface appears, and lists all ReportWORQ user accounts that have been added to it.

     

Configuring an Authentication Provider

By default, ReportWORQ uses its Native authentication provider. Alternatively, you can configure ReportWORQ to use Microsoft Entra ID (Azure Active Directory), Google Authenticator, or Custom OpenID Connect (OIDC).

Note: If you switch from an alternative Authentication provider back to Native authentication, the ReportWORQ service must be restarted. A configuration wizard then guides you to create an initial Native account, if necessary. This account has special permissions to log in to any account. After this is completed, it is recommended that this account be deleted and replaced with the email address of the preferred administrator.

To switch authentication providers:

  1. At the top of the Authentication interface, select the Authentication Provider button.
    The Advanced Options pane appears.

  2. Select the desired Provider.

    The configuration interface for the selected provider appears.

  3. If you selected Native authentication, configure the Lockout Settings and the Password Complexity Settings:

    • Lockout Settings include the number of Failed login attempts allowed before the account is locked out, and the Lockout time, which is how long access is denied before another login attempt is allowed.

    • Password Complexity Settings apply when users log in to a new account or one that has been reset. The settings apply rules for passwords including requirements for the presence of numbers, symbols, lowercase letters, and uppercase letters; minimum password length; and minimum number of unique characters.

  4. If you selected authentication by Microsoft Entra ID (Azure Active Directory), specify the Client Id, Client Secret, and Tenant Id.
    For more information about configuring Microsoft Entra ID (Azure Active Directory), see the Microsoft 365 article.

  5. If you selected authentication by Google, specify the Client Id, Client Secret, and optionally, a Tenant Id.

  6. If you selected Custom OIDC authentication, configure the Provider Settings and the OIDC Settings:

    • Provider Settings include Client Id, Client Secret, and optionally, a Tenant Id.

    • OIDC Settings include an Authority URI, User ID Claim Name, Email Claim Name, Role Claim Name, and one or more Scopes.

  7. After you finish configuring authentication provider settings, select Save & Close.

  8. On the Administration > Configuration page, Restart the ReportWORQ server.

Managing User Accounts and Assigning Licenses

The Authentication interface lists all ReportWORQ user accounts that require authentication. It includes settings for assigning them ReportWORQ licenses and access to workspaces. In order to log in and use ReportWORQ, an account must have access to at least one workspace.

The main topics in this section are as follows:

Searching and Filtering Accounts

You can search for a specific account or filter the list based on their ReportWORQ licenses. You can also use the Search box and filter simultaneously.

To find and select a specific account:

  1. In the Search box at the top of the list of accounts, start typing part of the user’s email address or role name.
    The list updates as you type, reducing the number of accounts shown.

  2. When the account you want appears in the list, select it.

To filter the list of accounts:

  • At the top of the list of accounts, select the filter icon and then select a filter criterion:

    • All Accounts — Lists all accounts.

    • Disabled Accounts — Lists accounts that are not currently enabled. These users cannot log in to ReportWORQ.

    • System Administrators — Lists accounts that have a System Administrator license.

    • ReportWORQ Administrators — Lists accounts that have a ReportWORQ Administrator license.

    • Reporting End Users — Lists accounts that have a Reporting End User license.

    • PowerPoint End Users — Lists accounts that have a PowerPoint End User license.

    • Contribution End Users — Lists accounts that have a Contribution End User license.

Enabling Accounts and Assigning ReportWORQ Licenses

If an account is enabled, the user can log in to ReportWORQ and access features for which they are licensed.

By default, newly created accounts are not enabled for ReportWORQ use. Enabled accounts are not limited by the licensed user count; however, if more accounts are enabled than the number allotted to the license key an error message will be generated when attempting to run a job until enough users become disabled.

To enable or disable the selected account:

  • Select or clear the Account Enabled checkbox.

To assign or revoke ReportWORQ licenses:

  • Select or clear the license checkbox(es) as required:

    • System Administrators — The account can access and configure all ReportWORQ settings, features, and Workspaces. System Administrators configure Datasources, Report Providers, and Distributors to support ReportWORQ Administrators. There must always be at least one system administrator.

    • ReportWORQ Administrators — Lists accounts that can use all ReportWORQ features, including the Distribution Job Editor, Report Authoring, and Contribution Campaigns. ReportWORQ Administrators can also create and edit Job Schedules and the Address Book. If they also have Configuration Access to a given Workspace, they can add, configure, and delete Datasources for that Workspace.

    • Reporting End Users — Lists accounts that can use ReportWORQ’s  Office365 Excel Add-in to work with and manage reports.

    • PowerPoint End Users — Lists accounts that can receive PowerPoint template reports and can format their visual appearance for presentation purposes. They can also refresh the report data.

    • Contribution End Users — Lists accounts that can receive Contribution input forms and complete and/or approve them.

Adding and Deleting Accounts

When you create an account, you typically provide an email address that acts as the account username.

If you are using an OIDC authentication provider such as Microsoft Entra and your organization’s license agreement includes unlimited licenses, you can provide a role name instead of an email address. This allows the Administrator to manage all ReportWORQ users in the authentication provider group and role support. The role name will need to show up in the user’s claims after authentication to be authorized for that permission set (e.g. System Administrator, ReportWORQ Administrator, etc.). In Microsoft Entra, this can be accomplished by creating custom roles in the App Registration with matching values to the claims entered in the ReportWORQ Authentication interface, creating an Enterprise Application to associate Users/Groups with the Roles defined in the App Registration.

To add a new account:

  1. Select the New Account button.
    The New Account dialog box appears.

  2. Specify the user’s email address or role name, and then select OK.
    The new account is added to the list.

To delete the selected account:

  • Select Delete Account.

Resetting Passwords (Native authentication only)

If you are usng Native authentication and a user forgets their password, they can select Forgot Password from the login dialog to request a password reset. The user is then prompted to provide a new password.

From the Authentication interface, you can reset the password of any account. The user is prompted to provide a new one the next time they log in.

If your organization is unable to log into all System Administrator accounts because the passwords are unknown, there are two ways you can regain control.

To reset the password of the selected account:

  • Select Reset Password.

To regain control if all System Administrator passwords are unknown:

  1. On the computer where ReportWORQ is installed, use a web browser to navigate to the ReportWORQ login dialog.



  2. If there is an Authentication Settings icon in the lower right corner:

    1. Select the Authentication Settings icon.
      The Authentication interface appears.

    2. Select an account that has System Administrator permissions and note the email address for the account.

    3. Select Reset Password, and then select OK to confirm.

    4. On a new browser tab, attempt to log in using the email address you noted in Step 2b.
      You are prompted to reset the password.
      Skip Step 3.

  3. If there is no icon in the lower right corner of the ReportWORQ login dialog, your ReportWORQ version was released prior to v5.0.0.69. You can regain control, but all configured user accounts will be deleted and the authentication provider will revert to Native mode. Do this only as a last resort if none of the System Administration passwords are known.
    The steps are as follows:

    1. In Windows Explorer, navigate to the ReportWORQ Repository following folder:
      <installation_location>\ReportWORQ\Repository

    2. Delete the Authentication folder.

    3. Restart ReportWORQ.

    4. Follow the configuration wizard prompts to create a new System Administrator account.

Importing and Exporting Accounts

You can export account properties as an Excel (.xlsx) file, which you can edit and later import. For each user account, the file includes columns for the account name, status (enabled or disabled), license permissions, and workspaces.

Notes about editing account properties in Excel:

  • You cannot delete accounts by deleting account rows.

  • Important: Do not edit data in the Id column. The user account Ids are unique identifiers that must not be modified. If you add a new account, do not assign an Id. ReportWORQ will assign an Id when you import the file.

To export account properties:

  • Select Export.
    A file named accounts.xlsx appears in the Downloads folder.

To import account properties:

  1. Select Import.

  2. Browse to select the account properties file (typically named accounts.xlsx), and then select OK.
    The account properties are imported. Edited account data is updated, and new accounts are added. Accounts are never deleted as a result of importing account properties.