OutSystems Platform natively supports Integrated Windows Authentication, allowing you to leverage a centralized management of the end-users and have automatic authentication in your applications.

Integrated Authentication

Integrated authentication allows end-users to access applications using their domain credentials. When the end-user tries to access a web screen that requires authentication, the application server returns an HTTP 401 status, signaling that the end-user is trying to access a resource that requires authentication.

The browser then proceeds to automatically send the credentials the end-user used to authenticate in the Windows operating system, or if unable to do so, prompts the end-user to provide the credentials. From then on the browser automatically sends the credentials when they are required, without the end-user having to insert the domain credentials again.

Integrated Authentication Elements

When developing you applications, its possible to enable integrated authentication for all applications. Learn more about Configuring Integrated Authentication for All Applications.

It's also possible to enable integrated authentication for specific elements inside an application. The list of elements that support it is presented below.

Web Screens

When your web screen has the Integrated Authentication property set to Yes it means that end-users accessing it will have to authenticate by following the procedure described above. See Web Screen Properties.

Web Flows

When your web screen has the Integrated Authentication property set to Yes it means that, all screens that don't have this property set will inherit its value form the web flow. See Web Flow Properties.

Exposed SOAP Web Services

When your SOAP web service has the Integrated Authentication property set to Yes it means that, while processing the request, the OutSystems application always asks the web service client for its credentials. See Exposed SOAP Web Service Properties.

Depending on the client that invokes the SOAP Web Service, it may not be possible to send the credentials and, consequently will not be able to consume its services.

Consumed SOAP Web Services

When your consumed SOAP Web Service has the Integrated Authentication property set to Yes it means that the OutSystems application sends its credentials to the server of the Web Service. Depending on the configuration and programming of this server, it may or may not use the credentials. For example, if the consumed web service is running in a different server, delegation is not available. See Consumed SOAP Web Service Properties.

If a consumed Web Service is invoked inside a web screen you are probably expecting that delegation can be used. But there are some limitations and if your system is configured to use NTLM, delegation is not supported.

Integrated Authentication Built-in Actions

OutSystems Platform has built-in actions and functions that taken advantage of Integrated Windows Authentication.


Integrated Authentication is available only in .NET environments. If your Application Server module property is set to J2EE or (Both), a warning message is presented, signaling that this property will be disregarded at runtime.

Also, to use integrated authentication, both the client and front-end server must be in the same domain and must have an Active Directory that stores information about the end-users and their credentials.

See Also

About End-User Authentication | Configuring End-User Authentication