Single Sign On (SSO)

<< Click to Display Table of Contents >>

Navigation:  Configuration >

Single Sign On (SSO)

Since version 2.6 you can configure the 'Single Sign On' to remove the default login form. A login is not required any more. SpaceObServer Web Access applies the authentication object from the windows login.

Two steps are required to set up SSO for SpaceObServer Web Access:

Activate the Windows Authentication

Add the website to the intranet zone for all client computers

Activate the Windows Authentication

Enable Windows Authentication Feature

1.Start the Server Manager on the machine where you have installed SpaceObServer Web Access.

2.On the Dashboard, klick on the link 'Add Roles and Features'.

3.In the left menu, select the item 'Server Roles'.

4.In the main window of 'Server Roles', navigate to 'Web Server (IIS)' > 'Web Server' > 'Security' and enable the checkbox 'Windows Authentication'.

5.Press the button 'Next' an continue the activation.

Enable the Windows Authentication for the website

1.Open the IIS-Manager (inetmgr).

2.Select the Site 'SpaceObServer WebAccess'.

3.In the main window, make an double-click on the item 'Authentication'.

4.Enable the mode 'Windows Authentication'.

5.Disable all other modes (Forms, Anonymous Authentication, etc…).

Modify the Web.config file (only if you have updated from an previous version <V2.6)

1.Navigate to the installation directory (the default path is: C:\Program Files\JAM Software\SpaceObServer Web Access\) and open the Web.config file.

2.Find the XML element: '<authentication>'.

3.Remove the '<forms> ... </forms>' element contained in it, if present, and save the file.

4.Restart the page using the IIS Manager.

Now, when you access the website from a client computer via the browser and still an native prompt for username and password appears, then please add the the site to the intranet zone.

Add the website to the intranet zone for all client computers

You can add the website to the intranet zone via the Group Policy in your Domain Controller.

1.Click Start > Control Panel > Administrative Tools > Group Policy Management.

2.Expand your forest > Domains > your domain.

3.Right click Group Policy Objects and click on entry New, give it an appropriate name and click OK.

4.Right click your newly created Group Policy Object and click the button 'Edit'.

5.Expand User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel and click 'Security Page'.

6.Open context menu via right-click on 'Site to Zone Assignment List' and click on the entry 'Edit'.

7.Select the radio button 'Enabled'. In the options pane, click on the button 'Show'.

8.In the list, add an site to trust (e.g. http://webaccess.company.com), and give it a value of 1.

9.Apply the settings via click on the button 'OK', then 'Apply' and 'OK' and close the Group Policy Management Editor window.

10.In the Group Policy Management window, click your new Group Policy Object (GPO), and navigate to the 'Delegation' tab.

11.Click 'Add' at the bottom, enter your user/group, click 'Check Names', then 'OK'. If you want to include all users in your domain, then you can add the group 'users'.

12.Change the dropdown under 'Permissions' to 'Edit settings, delete, modify security', and click the button 'OK'.

13.In the Group Policy Management window, in the tree, right click your domain in the Domains folder to open the context menu. In the context menu, click on the entry 'Link an Existing GPO'.

14.Select your created Group Policy Object (GPO), and then click 'OK'.

 

The client computers need to update their cached group policies to apply the changes. This can be done on the client computers via the command: gpupdate /force

After that, all client computers which call the WebAccess in the browser should not see any login-form any more. They will be authenticated automatically.

Note: When your client computers uses the Firefox Browser, then perhaps a native login screen still appears because you need to add some extra configuration.