
Integrated Login

security365 unified login

  • The unified login UI appears upon first login.
  • If you are not a unified login user, closing the unified login UI during the first login will display the Document Security login UI.

The SHIELD ID login screen can be applied as below with the DS365.Core.json configuration.

DS_MIP_INIT Item Settings

Specify "mode" as "webView" or "msedgeApp".
The options for each login type are set under the key of the same name ("webView" or "msedgeApp").

The "title" specification designates the string displayed on the unified login UI. It is generally displayed as Security365, but if you change the unified login CI and title through customization, you must also apply this file accordingly.

DS365.Core.json configuration example:

{
  "login": {
    "port": "28080",
    "waitMinTime": "0",
    "mode": "msedgeApp",
    "title": "Security365,SOFTCAMP,Shieldrm,Login",
    "webView": {
      "idPwEveryTime": "none",
      "topMost": "none"
    },
    "msedgeApp": {
      "fullScreen": "none",
      "idPwEveryTime": "none",
      "topMost": "none"
    }
  }
}

| User Screen | Content | Note |
|---|---|---|
| (image) | Window Mode | login.mode : "msedgeApp" |
| (image) | Full Screen Mode: appears on the main monitor in full screen | login.mode : "msedgeApp", "login.fullScreen" : "use" |

security365 account linkage

  • When logging in with SHIELD ID, if there is no document security account (SCI server) information registered for that account, account linking proceeds as follows.
    A 3-minute timeout applies to each guide screen: if the notification window is not closed within 3 minutes, it closes automatically and the process moves to the next step.

| User Screen | Content | Note |
|---|---|---|
| (image) | Integrated Login (SHIELD ID) | microsoft id/pw authentication |
| (image) | If there is no sci account linked to the completed SHIELD ID after proceeding with the unified login, display a notification window. | If there is no connected information, attempt the following items under the SHIELD ID authenticated ID: 1. Check the user on the sci server with the full account information. 2. Check the user on the sci server after removing the domain information. |
| (image) | Follow the document security login procedure. | If document security login is in progress and there is no automatic login/SSO, the document security login screen will be displayed, and after completing the document security login, it will move to the screen below. |
| (image) | Output of account information that has successfully passed SHIELD ID and document security certification, and connection guide screen | After logging in, if the SHIELD ID of the document security account and the already issued token are different, delete the existing token and register the linked account of the SHIELD ID as the currently logged-in document security account. This may occur in cases where multiple users log in on the same device, e.g., conference rooms. |
| (image) | Completion Notification Screen for Registering sci Users in SHIELD ID | |
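
The lookup order in the table above (full account first, then with the domain removed), as an added example that is not SoftCamp's code. It assumes SHIELD IDs have the form user@domain and that matching is exact; it reports which links depend on the domain-removed lookup and which SCI users more than one SHIELD ID resolves to. All function names and sample accounts are constructed.

```python
from collections import defaultdict


def resolve_sci_user(shield_id, sci_users):
    """Two-step lookup from the page: full account first, then domain removed."""
    if shield_id in sci_users:
        return shield_id, "full"
    local = shield_id.split("@", 1)[0]  # assumed SHIELD ID form: user@domain
    if local != shield_id and local in sci_users:
        return local, "domain-removed"
    return None, "unlinked"


def audit_links(shield_ids, sci_users):
    """Return (fallback, shared, unlinked) for an administrator to review.

    fallback: SHIELD IDs that only match after the domain is removed
    shared:   SCI user -> SHIELD IDs, where more than one SHIELD ID resolves to it
    unlinked: SHIELD IDs with no SCI user under either lookup
    """
    by_sci, fallback, unlinked = defaultdict(list), [], []
    for sid in shield_ids:
        user, how = resolve_sci_user(sid, sci_users)
        if user is None:
            unlinked.append(sid)
            continue
        by_sci[user].append(sid)
        if how == "domain-removed":
            fallback.append(sid)
    shared = {u: ids for u, ids in by_sci.items() if len(ids) > 1}
    return fallback, shared, unlinked


# Constructed sample data (not from the page).
SHIELD_IDS = ["kim@corp.example", "kim@partner.example",
              "lee@corp.example", "park@corp.example"]
SCI_USERS = {"kim", "lee@corp.example"}

if __name__ == "__main__":
    fallback, shared, unlinked = audit_links(SHIELD_IDS, SCI_USERS)
    print("matched only after domain removal:", fallback)
    print("SCI users reached by several SHIELD IDs:", shared)
    print("no SCI account, linking screens will be shown:", unlinked)
```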

Customizing the SHIELD ID Unified Login Page


  • To set up the screen for the site, the relevant policies must be configured in the idp service.
    • Reference | ⚠️ This material is restricted access.
  • The extra value in the DS_MIP_INIT policy must be set.
  • Policy Example
{
  "s365_url": "https://devlogin.softcamp.co.kr/",
  "s365_app_id": "4e3b53b2-a18c-4d78-8de1-b9fcada4077c",
  "s365_app_name": "shieldrm-svc",
  "s365_app_secret": "JyktLCInJ------------------------JycsJyQ",
  "s365_log_url": "https://log.security365.com/log/event",
  "shieldrm_url": "https://ssevtr.softcamp.co.kr/",
  "extra": "3CJ55MSE-xLO7Sxt4-qUBKzbcs-XP2cgGEq",
  "tid": "4d615af9-1d04-4bcc-8e6f-c6b6fe3110dd",
  "runMode": "s365"
}

Integrated Login Screen Popup On/Off Setting

info

This explains the feature to turn the integrated login screen popup On/Off through settings or custom policies.

Overview

  • This is a feature that allows you to turn the integrated login screen popup on/off through settings or custom policies.

Description

  • 'SHIELD DRM Not Used' is an option that the user can select directly, and the default value is 0.
    (Image: option added to the environment settings)
  • The DS_SDSENV_NOT_USE_SHIELD_DRM policy is used by administrators to control this option centrally.
  • If this policy is used, the 'SHIELD DRM Disabled' checkbox on the settings screen will be disabled, and the user will not be able to change this option.
  • The check status is forcibly applied according to the policy value set by the administrator, and user settings are ignored.
    (Image: option disabled when the custom policy is used)

| Item | Value |
|---|---|
| ID | DS_SDSENV_NOT_USE_SHIELD_DRM |
| TYPE | Check On/Off |
| Explanation | SHIELD DRM usage (1: not used, 0: used) |
| Policy Value | 1 (or Check) |
| scsc | DS_SDSENV_NOT_USE_SHIELD_DRM.scsc |

Application Method

  1. Module Patch
  2. Custom Policy Settings and Fetching Policies

Constraints

  • When the SHIELD DRM usage policy is changed to the not-used value, the system must be rebooted so that the related module terminates normally and the function is turned off.
  • When changing from not used to used, it can operate without rebooting, but rebooting is recommended if possible.
  • When the value is changed in the environment settings, a user notification message states that a system reboot is required.

SHIELD ID User Account Deactivation Blocks DS6 Authentication and Logs Out

info

If the user account of SHIELD ID is deactivated, SHIELD ID authentication will fail in the DS6 client, and at this time, the existing SCI server authentication will also be blocked (login failure processing).

Overview

  • When a user account is deactivated in SHIELD ID, the DS6 client blocks the authentication of that user and displays a notification message before processing a document security logout.

Explanation

  • security365 User Deactivation
  • Inactive users will experience blocking actions in the following two situations.
    • Document Security Login Status
      • If a user is deactivated due to actions evaluated by the ztcap policy (e.g., right-clicking to convert documents with MIP, converting MIP to Drm documents, etc.), a notification message window will appear, and the document security logout status will be activated.
    • Document Security Not Logged In
      • When the DS_MIP_INIT policy uses Runmode sso, the user is queried by ShieldID before s365 authentication; if the user is inactive, a notification message window appears immediately after login and the user is logged out again.
      • Runmode values other than sso are not currently supported (see the constraints below for the reasons).

Application Method

  1. Module Patch

Constraints

  • When using a Runmode other than sso for the DS_MIP_INIT policy (s365, appauth, aad, ds), the functionality to block login for ShieldID users who are deactivated and to log out immediately after login cannot be performed for the following reasons.
    • In the case of s365 and ds, the integrated login window is used to perform s365 authentication, and since the user's ShieldID is authenticated in the browser and the security365 front end, there is no way to obtain the ShieldID from the perspective of the DS 6.0 client. (Without the ShieldID, it is not possible to check whether the user is inactive.)
    • In the case of appauth, it operates based on the shieldrm svc app rather than individual user's shieldId, making the functionality meaningless.
    • In the case of aad, currently, you can obtain the shieldID from the token after authentication with the tenant ID, but it is not supported in the current structure.
  • In the case of MIP release, there is no existing logic to determine the release status using ztcap, so this feature is not applicable in the current structure.
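
A pre-deployment check for the two configuration files discussed on this page, as an added example rather than vendor code: it validates login.mode in DS365.Core.json and reports when the DS_MIP_INIT runMode is one for which the constraints above say deactivated ShieldID users are not blocked. Function names and sample values are assumptions; only the key names and runMode values come from the page.

```python
import json

LOGIN_MODES = ("webView", "msedgeApp")  # login.mode values named on the page
BROWSER_AUTH = "ShieldID is authenticated in the browser/front end, so the DS 6.0 client cannot obtain it"
# runMode values for which the page says deactivated-user blocking is unavailable, with its reason.
NO_DEACTIVATION_BLOCK = {
    "s365": BROWSER_AUTH,
    "ds": BROWSER_AUTH,
    "appauth": "authentication is per shieldrm svc app, not per user ShieldID",
    "aad": "ShieldID is in the token, but the check is not supported in the current structure",
}


def lint_core(core):
    """Check the "login" block of a parsed DS365.Core.json."""
    login = core.get("login")
    if not isinstance(login, dict):
        return ['missing "login" object']
    mode = login.get("mode")
    if mode not in LOGIN_MODES:
        return ['login.mode is %r, expected "webView" or "msedgeApp"' % mode]
    if not isinstance(login.get(mode), dict):
        return ['login.mode is "%s" but the login.%s options are missing' % (mode, mode)]
    return []


def lint_policy(policy):
    """Check DS_MIP_INIT runMode against the deactivated-user blocking constraint."""
    run_mode = str(policy.get("runMode", "")).lower()
    if run_mode == "sso":
        return []
    reason = NO_DEACTIVATION_BLOCK.get(run_mode)
    if reason is None:
        return ["runMode %r is not a value named on the page" % policy.get("runMode")]
    return ["runMode %s: deactivated ShieldID users are not blocked (%s)" % (run_mode, reason)]


# Constructed samples shaped like the page's examples (secret replaced by a placeholder).
SAMPLE_CORE = json.loads('{"login": {"port": "28080", "mode": "msedgeApp",'
                         ' "msedgeApp": {"fullScreen": "none", "topMost": "none"}}}')
SAMPLE_POLICY = {"s365_app_secret": "<placeholder>", "runMode": "s365"}

if __name__ == "__main__":
    for finding in lint_core(SAMPLE_CORE) + lint_policy(SAMPLE_POLICY):
        print("WARN", finding)
```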

Notification Message

  • When the user is deactivated, the document security logout is processed with the following notification message.
    (Image: user deactivation notification message)
  • The document security logout function for disabled users can be toggled On/Off with the ForceLogoutOnUserDisabled value of the DS_MIP_INIT policy.