Automatic sign-in (SSO) for Active Directory in Cayosoft Web Portal
Automatic sign-in, also called Integrated Windows Authentication, allows users to log in to Cayosoft Web Portal automatically if they are running a browser on a workstation where they have logged on with their Active Directory credentials. This method enables a Single Sign-On (SSO) experience for delegated administrators and employees.
To use the Automatic sign-in method, the server running Cayosoft Administrator Web Portal and all client computers must be in the same domain or a trusted domain. A browser passes Windows credentials to the server only when this requirement is met.
You may also need to do certain configuration steps on client machines, as the browser passes Windows credentials only to websites in the Local Intranet or Trusted Sites zones.
If you use a short computer name in the Web Portal URL, such a site is identified as a Local Intranet zone by default and no additional browser configuration is required. If you use the fully qualified name of your server in the URL, such a site is identified as an Internet zone by default, and a browser does not send credentials to the server until the site is explicitly added to Local Intranet (recommended) or Trusted sites (with additional security settings configuration). Read the browser configuration instructions below for details.
Each user who requires access to the Cayosoft Web Portal must have a valid Windows local or domain user account, or be a member of a Windows local or domain group account. You can include accounts from other domains as long as those domains are trusted. The accounts must have access to the Cayosoft Administrator server computer.
If the client computer is not in the same domain where Cayosoft Web Portal is installed, then on connecting to Cayosoft Web Portal the form-based sign-in page should open for entering Windows credentials. There is no automatic sign-in in this case.
Cayosoft Administrator configuration for Automatic sign-in
- Run Cayosoft Administrator console
- Navigate to Web Portal Settings
- In the User sign-in authentication method section, select Automatic sign-in (SSO) + Sign-in form for Active Directory accounts
- Click Save Changes
- Perform an IIS reset:
  - Click on Start > All Programs > Accessories > Command Prompt
  - Type iisreset
  - Press Enter
  - Once the message "Internet services successfully restarted" is displayed, close the Command Prompt
Browser configuration for Automatic sign-in
To use Automatic sign-in (Integrated Windows Authentication) you need to configure the browser. These settings can be applied manually on each client computer where the Cayosoft Web Portal is used, or you can use Group Policy to apply them automatically to all required client computers.
- Microsoft Edge
- Google Chrome
- Mozilla Firefox
Manual browser configuration for Automatic sign-in (Integrated Windows Authentication)
Google Chrome and Microsoft Edge
Configuration
- Open Control Panel
- Navigate to Control Panel > Network and Internet
- Open Internet options
- Click the Security tab
- Click Local Intranet
- Click Sites
- On the Local intranet form, click Advanced
- Add the fully qualified name of your IIS server to Local intranet
- Click Close
- Click OK
- Click Custom level
- Scroll to User Authentication
- Select Automatic logon only in intranet zone
- Click OK
Mozilla Firefox
- Open Firefox
- In the URL field, type "about:config"
- You will receive a security warning. To continue, follow the steps in the prompt.
- Locate each of the settings below, either by browsing through the list or by searching for it individually, then update its value as follows:
Setting | Value |
---|---|
network.negotiate-auth.delegation-uris | Enter the Fully qualified name of your IIS server |
network.automatic-ntlm-auth.trusted-uris | Enter the Fully qualified name of your IIS server |
network.automatic-ntlm-auth.allow-proxies | True |
network.negotiate-auth.allow-proxies | True |
Configuring Group Policy to apply Automatic sign-in settings
Microsoft Edge and Google Chrome
- Create a new Group Policy Object, or use an existing Group Policy Object.
- Edit the Group Policy Object with the following settings:
  - Navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List
    - Set this policy setting to Enabled
    - Click the Show button to define the URLs and zone assignment
    - In the Show Contents window, add the fully qualified name of your IIS server and assign it a value of 1 (Intranet zone)
      The following values are used to assign each zone:
      1 - Intranet zone
      2 - Trusted Sites zone
      3 - Internet zone
      4 - Restricted Sites zone
  - Navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone > Logon Options
    - Set this policy setting to Enabled
    - In the Logon options drop-down menu, choose Automatic logon only in Intranet zone
- Link this GPO to an OU, domain, or site where you want to apply the policy.
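To confirm on a client that the zone assignment and logon option above actually took effect, the following read-only check can be run as the signed-in user. It is an added example, not part of Cayosoft's documentation or tooling; the portal URL is a placeholder and Windows PowerShell 5.1 is assumed.

```powershell
# Added example: read-only audit of the per-user settings described above.
# Assumptions: Windows PowerShell 5.1; $PortalUrl is a placeholder, not a real host.
$PortalUrl = 'https://portal.corp.example/'
$hostName  = ([uri]$PortalUrl).Host

$polRoot = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$usrRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Meaning of the 1A00 (logon options) value stored under each zone key.
$logonNames = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# Zone that Windows resolves for the URL (Intranet = 1, Trusted = 2, Internet = 3).
$zone = [System.Security.Policy.Zone]::CreateFromUrl($PortalUrl).SecurityZone

# Site to Zone Assignment List entries that name the host (name = site, data = zone).
$gpoEntries = @()
$key = Get-Item -Path "$polRoot\ZoneMapKey" -ErrorAction SilentlyContinue
if ($key) {
    $gpoEntries = @($key.GetValueNames() |
        Where-Object { $_ -like "*$hostName*" } |
        ForEach-Object { '{0} = {1}' -f $_, $key.GetValue($_) })
}

# Intranet zone logon option: the Group Policy value wins over the user's own setting.
$logon = $null; $source = 'not set (zone default applies)'
foreach ($root in $polRoot, $usrRoot) {
    $p = Get-ItemProperty -Path "$root\Zones\1" -Name '1A00' -ErrorAction SilentlyContinue
    if ($p) { $logon = [int]$p.'1A00'; $source = "$root\Zones\1"; break }
}

[pscustomobject]@{
    Url               = $PortalUrl
    EffectiveZone     = $zone
    GpoZoneMapEntries = $gpoEntries -join '; '
    LogonOption       = if ($null -ne $logon) { $logonNames[$logon] } else { $null }
    LogonOptionSource = $source
    # True when the result differs from the recommended Local Intranet zone
    # with "Automatic logon only in Intranet zone".
    Review            = ($zone -ne 'Intranet') -or ($logon -notin $null, 0x20000)
} | Format-List
```

An EffectiveZone of Internet means the browser will not send Windows credentials to the portal and users will see the sign-in form instead.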
Change History
Version | Notes |
---|---|
7.2.0 | Internet Explorer is not supported by Cayosoft Administrator Web Portal. |
5.4.2 | The feature is introduced in the product. |