HOW-TO: Enabling Windows Integrated Authentication

  

For the Devs from Ops

  • Join your front-end server to the local domain
  • Browse to the Users app on your front-end (Eg: https://myfrontend/Users/)
    • Select Configure Authentication on the right-hand side
    • Authentication: Select Active Directory
    • Default Domain: Your fully qualified domain name

    • Windows Integrated Authentication should be checked

  • In Service Studio, open your app and in the Interface tab, enable WIA on the Login web screen.

  • Configure Internet Explorer:

    • Go to Internet Options > Security > Local Intranet

    • Click on the Sites button, and then the Advanced Button

    • Add your front-end URL to the list and Close.

    • Click on the Custom level button for the Intranet Zone

    • Scroll all the way down to the User Authentication section, and set Logon to "Automatic logon only in Intranet zone

    • Under the Advanced tab, in the Security section towards the bottom, make sure WIA is enabled.

    • To make the IE configuration consistent accross the domain you could encode it in a user GPO or could export the IE registry settings under HKCU and import them in a logon script.

The other option is SSO. Frees you up from having to use IE only. It would be nice if someone could setup a comprehensive step-by-step config tutorial here.


Rado

Hi Rado,

What a nice post, thanks! 

Any suggestion for any other posts that could be helpful to the community?

Vera