System Administration
If the Support Integrated Authentication check box is enabled on the Parameters page, corporate system user IDs are permitted to log in to the Platform. The Platform uses the corporate ID and cross-references it with the local Platform ID. After a user has successfully been authenticated by the corporate system and logged in to a computer, the Platform can be started without an additional login.
Integrated Authentication is typically used in a Windows Domain environment. Integration with other authentication providers is also possible.
NOTE: If the site uses Integrated Authentication, users can be added to WebApp groups on initial log in. Refer to Use Auto Register to Add Users to WebApp Groups Automatically for more information.
Authentication methods require configuration steps in IIS, in the file system on the web server, and in the DSP®.
To enable Integrated Authentication at a high level:
- Disable IIS Enable Anonymous Access.
- Enable IIS Integrated Windows Authentication.
- Include the user’s corporate ID in the user’s account settings in the DSP®.
To enable Integrated Authentication in IIS and Windows:
- Open IIS Manager (under Administrative Tools).
- Expand the tree on the left and select the DSP virtual directory.
- Double-click the Authentication icon.
- Right-click Anonymous Authentication and select Disable from the list menu.
-
Right-click Windows Authentication and select Enable from the list menu.
NOTE: At this point the platform may not be accessible to all users.
- Close IIS Manager.
-
Locate the DSP Installation Directory in Windows Explorer.
- Right-click the DSP directory and select Properties from the list menu.
- Click the Security tab.
- Click Edit.
-
Enter Authenticated Users in the Enter the object names to select field.
NOTE: To browse for the Authenticated Users group, click the Advanced and Find Now buttons.
- Click Check Names button and verify that the name is recognized.
- Click OK.
- Select Modify from the Permissions for Authenticated Users option box.
- Click OK to close the Permissions for DSP window.
- Click OK to close the DSP Properties window.
-
Repeat steps #9 – 16 to grant Modify permissions to the Authenticated Users group on all folders that are used by the DSP® and the WebApps. This will depend on which WebApps are installed and what file locations were chosen during the installation process.
NOTE: The specific folders where permissions must be modified will be different at different sites. All folder locations accessed by the DSP® must have the appropriate permissions set, or errors will be reported.
To enable Integrated Authentication in the DSP®:
- Select Admin > Configuration > Parameters in the Navigation pane.
- Click the Security Settings tab.
- Click the Support Integrated Authentication check box.
- Click Admin > Security > Users in the Navigation pane.
- Click Vertical View for a user who will be accessing the DSP® using Integrated Authentication.
-
Click Edit.
View the field descriptions for the Users page’s Vertical View.
-
Enter the Windows User Name.
NOTE: Use the format domain\username. Do not provide a password.
NOTE: A validation warning "User will not be able to login with basic authentication if password is NULL or empty" may appear. If users will only be logging in using Windows Integrated Authentication then accept the validation warning by clicking the Yes button; otherwise set a password.
-
Confirm that Integrated Authentication has been configured correctly by accessing the site from a client computer (not the web server). Verify that the site can be accessed without the user having to provide credentials.
NOTE: Perform the steps below if Integrated Authentication is the only supported authentication method and Basic is not required.
- Select Admin > Configuration > Parameters in the Navigation pane.
- Click the Security Settings tab.
- Click Support Basic Authentication check box to uncheck it.
