Configuring Windows Authentication
To use Windows authentication, you must configure your Manager, Drivers, and web browsers. Note that you can only use this method if all Managers run on Windows.
Manager Configuration
To configure your Manager to use Windows authentication:
1. | Ensure that the Manager is part of the domain with which you want to authenticate. |
2. | Make sure that the additional third party LGPL download has been applied. For more information, see the Installation Guide. |
3. | On the Managers: |
In the Administration Tool, go to Admin > User Admin> Authentication, and change Authentication Mode to Windows.
On the same page, enter the value for the Windows Domain used to authenticate users in Windows Domain, and click Save.
Driver Configuration
For all Drivers, the DSNegotiateEnabled
property specifies if Negotiate authentication is used. Set this to true in the driver.properties
file or by using the DriverManager
API to enable Negotiate authentication.
Also, the following must be configured, depending on the platform and Driver:
Windows C++ and .NET Drivers
Windows versions of C++ and .NET Drivers use NTLM and do not require any additional configuration.
UNIX C++ and All Java Drivers
UNIX versions of C++ and all Java Drivers (including Windows) use Kerberos rather than NTLM. Configure them using the instructions in All Java Drivers and UNIX C++ and Java Drivers sections.
Browser Configuration
Users’ browsers must be configured to use Negotiate authentication. For example, in Microsoft Edge, you add the URL to the Enterprise Mode site list. In Firefox, you use the network.negotiate-auth.trusted-uris
config parameter. See your browser’s documentation for details.
If a user’s browser is not configured and they attempt to log in to the Administration Tool, the browser presents them with a challenge popup screen, and they can log in manually.