Switching from Windows auth to Outsytems internal auth
Application Type
Reactive, Service

We have been using Windows AD authentication in our on premise environment, but would like to switch to Outsystems internal. Does anyone have successful experience with this? Will we need to recreate all the users? Anything gotchas to look out for?

Thanks in advance.

Hi Joseph,

I have not done this earlier, however please refer the below link and see if it helps to resolve your query. It might be other members have done this and will help you.


Thanks & Kind Regards,



Hello Joseph,

Are you looking to change your backend users (e.g. logins to LifeTime, Service Studio, etc.), or your frontend users (e.g. the /Users app)?

Frontend. And for the record, I changed it on our Dev environment last night, and it messed up the front end users. I can create new ones that work, but cannot make the existing ones, which were automagically added through Windows integrated authentication, work.


Have these users also set their password in the OutSystems environment? When users are created through external providers, they are created without a password.

To test it out, you could try setting one of their passwords manually in /Users, and then if that works you can provide a reset your password option?

I did try resetting the password, but that did not seem to help. I even removed the domain part of the name (domain/user).


Hmm, a couple of other questions then:

  • Are your applications using the "Users" User Provider module (an option in the properties at the module level in Service Studio)?
  • Is your application Traditional Web or Reactive? If Traditional, do your UI Flows or your Screens have the "Integrated Authentication" property set to Yes in Service Studio?
  • Are you using the standard Login flow, or have you customized it?
    • I assume you are using the User_Login action?
  • Is anything logged in Service Center (Errors or General) when the user tries to sign in?

We are using the built-in Users module.

We do both reactive and traditional, but are moving towards reactive. Some Outsystems features are only available in Traditional.

we have not touched the built-in login function. It was usually unnecessary with the integrated authentication.

We get invalid passwords logged.

i might be making some progress - have to Edit the names to remove the domain piece. I think it might have to do with a column in the table called external_id, which has a value when the user was imported from Active Directory.

Thanks for your interest and brainstorming. I’ll keep looking and update here. Hopefully Support will contact me, too.


I could see removing the domain from the username helping, but I wouldn't expect the External_Id to cause a problem. I've used that column in other SSO use cases without an issue.

When you say hopefully support will contact you, have you created a support ticket yet?

Yes. They finally responded with questions. We will probably solve it on our own before they come up with anything.

Unfortunately, still wrestling with this. I switched the QA environment to Internal auth, and I can get into our applications, but the Outsystems Users app, which we need in order to add roles to users and groups, is still trying to use Integrated Authentication for some reason and now believes that I don't have sufficient permissions to see Roles and Groups. I have not yet figured out how to make the Users application to use the internal auth.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.