Logging into the Aeon Web Client

Print Friendly and PDF Follow

This article reflects some changes/features that are not yet publicly available. Aeon 6.0 is in the final stages of testing. Once an official release date has been announced, this message will be updated with more information.

The default web address used to access the Aeon Web Client is https://servername/aeonstaff/. Users with Aeon staff accounts configured with Client Access permissions in the Aeon Staff Manager can log into the Aeon Web Client using the username and password associated with their account. By default, the web client will also enforce multi-factor authentication (MFA) for all staff user logins and will require the staff user to enter a 6-digit authentication code generated by the MFA application configured for that user's account upon login.

Configuring Web Client Access | Configuring Multi-Factor Authentication | Disabling the Multi-Factor Authentication Requirement

Aeon Web Client Login Page

Session Timeouts

Users will be automatically logged out of the Aeon Web Client after 15 minutes of inactivity. A minute before this logout occurs, the user will be shown a notification that their current session is expiring and will have the option to click the Continue button to remain logged in:

Session Expiring prompt

Configuring Web Client Access

Staff users must have an Aeon staff account configured with Client Access permissions before they can log into the Aeon Web Client. Aeon administrations can create staff accounts and establish permissions in the Aeon Staff Manager. Once staff users have an account and client access permissions, they can begin using the Aeon Web Client.

See Adding and Removing Staff Users for more information on configuring staff accounts.

Client Access permission highlighted in Aeon Staff Manager

Configuring Multi-Factor Authentication

By default, the Aeon Web Client will enforce multi-factor authentication (MFA) for user logins. Upon first login, the staff user will be prompted to configure MFA for their staff account. All subsequent logins to the web client will require the user to enter a 6-digit code generated by their MFA application after entering their username and password.

For information on the initial MFA configuration process for staff accounts, see Configuring Multi-Factor Authentication.

Disabling the Multi-Factor Authentication Requirement

Multi-factor authentication provides an important extra layer of security to your Aeon system by requiring all users to log in with two forms of authentication: their username and password credentials and a time-based one-time password (TOTP) code that is generated by an authentication application and is harder for potential attackers to obtain or duplicate. The TOTPs enforced by the MFA requirement are important in that they provide additional protection against potential security breaches to your Aeon system if a staff user’s username and password are compromised. Given these security implications, the configuration options for the MFA requirement on the Aeon Server will vary based on your hosting provider as follows:

  • Atlas-hosted Aeon sites: For security purposes, MFA is required for logins to the Aeon Web Client and cannot be disabled on your server. If you have any questions about this policy, please contact support@atlas-sys.com.
  • Self-hosted Aeon sites: It is strongly recommended that the MFA requirement is left enabled on the Aeon Server for the extra layer of security it provides to the Aeon Web Client. If necessary, the MFA requirement can be disabled by setting the RequireMultiFactorAuthentication value to false in the Aeon API's appsettings.json file located on the Aeon Server, however, please note that disabling the MFA requirement will significantly reduce the security of your Aeon system.


If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support