Configuring Windows Authentication

To use Windows authentication, you must configure your Manager, Drivers, and web browsers. Note that you can only use this method if all Managers run on Windows.

Manager Configuration

To configure your Manager to use Windows authentication:

1. Ensure that the Manager is part of the domain with which you want to authenticate.
2. Make sure that the additional third party LGPL download has been applied. For more information, see the Installation Guide.
3. On the Managers:

In the Administration Tool, go to Admin > User Admin> Authentication, and change Authentication Mode to Windows.

On the same page, enter the value for the Windows Domain used to authenticate users in Windows Domain, and click Save.

Driver Configuration

For all Drivers, the DSNegotiateEnabled property specifies if Negotiate authentication is used. Set this to true in the driver.properties file or by using the DriverManager API to enable Negotiate authentication.

Also, the following must be configured, depending on the platform and Driver:

Windows C++ and .NET Drivers

Windows versions of C++ and .NET Drivers use NTLM and do not require any additional configuration.

UNIX C++ and All Java Drivers

UNIX versions of C++ and all Java Drivers (including Windows) use Kerberos rather than NTLM. Configure them using the instructions in All Java Drivers and UNIX C++ and Java Drivers sections.

Browser Configuration

Users’ browsers must be configured to use Negotiate authentication. For example, in Microsoft Edge, you add the URL to the Enterprise Mode site list. In Firefox, you use the network.negotiate-auth.trusted-uris config parameter. See your browser’s documentation for details.

If a user’s browser is not configured and they attempt to log in to the Administration Tool, the browser presents them with a challenge popup screen, and they can log in manually.