Aeon Standard: Authentication Process & Customizing Settings

Print Friendly and PDF Follow

By default, all Aeon installations are set up with Standard Aeon authentication. This type of authentication allows anyone with access to the registration pages to register, choose a username and password, and then use that username and password to log into the Aeon web later.


New customers are allowed to submit requests immediately after registering but are marked as "not cleared" in the staff interface. Staff can then review those users and disavow them if they are not allowed to use the system (which also cancels the users' requests) or clear them as valid users. The Standard Aeon authentication does not verify user information against any external system upon registration or login. Once a customer registers with Aeon, they are allowed to log into the web interface until staff either blocks the user from submitting any further requests or disavows the user from the system.


For Standard Aeon authentication, the WebAuthType key in the Aeon Customization Manager should be set to Aeon. This type of authentication allows users to reset their password via the Aeon web interface by providing their usernames and receiving an email with a link to provide a new password. Setting the WebAuthType to Aeon sets the Users.AuthType value to Aeon. All other authentication types set this value to Default.

Basic Standard Authentication Process

For the User

  • A first-time user would navigate to the Aeon login screen and click the First Time Users link.
  • User will fill out the New User Registration form (NewUserRegistration.html) and submit it.
  • User can then start immediately submitting requests.

For the Staff

  • Several times a day, the staff user would check the Users Waiting to be Cleared panel from the Home page in the Aeon Desktop Client. This will show a list of all newly registered users.
  • After reviewing each one, they can click the Clear, Block, Disavow, or Merge User buttons. Each will send the user a note regarding their current Aeon status. Disavow cancels all of their requests. Merge will allow you to merge two accounts together. Users can also be cleared, uncleared, blocked, or disavowed using the Aeon Web Client.

This is how Aeon is configured to work upon completion of the installation. No changes are needed to the system to configure it for Standard Authentication. All user information is stored in the Aeon system.

Disabling User Registration for Standard Aeon Authentication

As standard Aeon authentication does not verify user information against any external system upon registration or login before creating the user's account, you may experience periods of bot-driven automatic account creation spam wherein bots use the user registration form to create a large number of accounts in a short period of time. To prevent spam, Aeon can either be configured to use a captcha challenge requirement on the user registration form (NewUserRegistration.html) or user registration can be completely disabled for accounts created through standard Aeon authentication from the registration form using the AeonAuthUserRegistrationEnabled customization key. 

Registration should not be disabled if you only allow users to register for accounts through the standard Aeon account creation and authentication process.
For more information on configuring these features, see Preventing Account Creation Spam in Aeon.
Note: The AeonAuthUserRegistrationEnabled key will only enable/disable user registration from your production Aeon web pages and will not affect your TestWeb web pages. As of Aeon Server v5.1.16/5.2.4, users cannot register for an Aeon account using any authentication type from the TestWeb pages by default. This option is not configurable.




If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support