Self Service & Analyst Portal - Community
Integrated Windows Authentication
Direct link to topic in this publication:
Integrated Windows Authentication is an authentication method that allows the user of a Windows computer (not Linux or MacOS/iOS) to present their login credentials to the web server seamlessly to authenticate without being prompted. Integrated Windows Authentication uses the Kerberos Key Distribution Center which is part of an Active Directory environment to negotiate the authentication between the user's browser and the server to attest that the user is in fact the person that is using the browser. (Note: By default, the user context of the browser is the user account that the user used to log into the Windows operating system. It is possible to use the runas.exe command to launch a browser in a user context that is different from the user account that was used to login to the Operating System.) When Integrated Windows Authentication is used, the Cireson Portal will impersonate the user to connect to System Center Service Manager. In order for Windows Integrated Authentication to work, the user's computer, the user's account, and the Cireson Portal web site web server must all be in the same domain or domains that have a trust relationship to each other.
Only Internet Explorer (9,10,11) and Chrome are supported by Cireson for using Integrated Windows Authentication. Typically, Integrated Windows Authentication is used in an intranet environment where the users are logged onto domain-joined Windows computers and connecting to a Cireson Portal web server that is in the same (or trusted) domain so that user's don't have to spend time logging into the server. Cireson only supports using Negotiate (Kerberos, primary) and NTLM (fallback) for authentication providers and the app pool must use Kernel Mode Authentication. If you choose to deploy the Cireson Portal web site using Integrated Windows authentication, these settings will be set by default.
Whenever you make a change to the IIS/website settings related to Windows Integrated Authentication always run iisreset from the command prompt to ensure that the settings are applied.