For the Devs from Ops

  • Join your front-end server to the local domain
  • Browse to the Users app on your front-end (Eg: https://myfrontend/Users/)
    • Select Configure Authentication on the right-hand side
    • Authentication: Select Active Directory
    • Default Domain: Your fully qualified domain name

    • Windows Integrated Authentication should be checked

  • In Service Studio, open your app and in the Interface tab, enable WIA on the Login web screen.

  • Configure Internet Explorer:

    • Go to Internet Options > Security > Local Intranet

    • Click on the Sites button, and then the Advanced Button

    • Add your front-end URL to the list and Close.

    • Click on the Custom level button for the Intranet Zone

    • Scroll all the way down to the User Authentication section, and set Logon to "Automatic logon only in Intranet zone

    • Under the Advanced tab, in the Security section towards the bottom, make sure WIA is enabled.

    • To make the IE configuration consistent accross the domain you could encode it in a user GPO or could export the IE registry settings under HKCU and import them in a logon script.

The other option is SSO. Frees you up from having to use IE only. It would be nice if someone could setup a comprehensive step-by-step config tutorial here.


Rado

Hi Rado,

What a nice post, thanks! 

Any suggestion for any other posts that could be helpful to the community?

Vera

It turns out that WIA can also be configured for Firefox and Chrome. The Chrome settings can be encoded in the Windows registry or using the Chrome ADMX GPO template.

A question on the implementation of this however. How do you then propagate this change to a bunch of users?

JC Elorde wrote:

A question on the implementation of this however. How do you then propagate this change to a bunch of users?

So long as the users are part of the Active Directory domain, and everything is correctly setup, it should work.