For the Devs from Ops
Default Domain: Your fully qualified domain name
Windows Integrated Authentication should be checked
In Service Studio, open your app and in the Interface tab, enable WIA on the Login web screen.
Configure Internet Explorer:
Go to Internet Options > Security > Local Intranet
Click on the Sites button, and then the Advanced Button
Add your front-end URL to the list and Close.
Click on the Custom level button for the Intranet Zone
Scroll all the way down to the User Authentication section, and set Logon to "Automatic logon only in Intranet zone
Under the Advanced tab, in the Security section towards the bottom, make sure WIA is enabled.
To make the IE configuration consistent accross the domain you could encode it in a user GPO or could export the IE registry settings under HKCU and import them in a logon script.
The other option is SSO. Frees you up from having to use IE only. It would be nice if someone could setup a comprehensive step-by-step config tutorial here.
Rado
Hi Rado,
What a nice post, thanks!
Any suggestion for any other posts that could be helpful to the community?
Vera
It turns out that WIA can also be configured for Firefox and Chrome. The Chrome settings can be encoded in the Windows registry or using the Chrome ADMX GPO template.
A question on the implementation of this however. How do you then propagate this change to a bunch of users?
JC Elorde wrote:
So long as the users are part of the Active Directory domain, and everything is correctly setup, it should work.