Enabling Single Sign-On with Active Directory

Note: If you have already configured a domain in the CommCell with single sign-on (SSO), the Tomcat service on the computer where the Web Console is installed must be restarted for SSO to work properly.

To allow Active Directory domain users access to the Web Console, provide the details to communicate with the Active Directory service provider so that they are maintained in the Web Server database for authentication purposes. Adding a new domain controller registers the domain with the Web Server.

Note: By default, the Kerberos protocol is used for single sign-on (SSO). If you use the NT LAN Manager (NTLM) authentication protocol, add the SecurityProtocol additional setting. For instructions on adding the additional setting, see Single Sign-On with the NTLM Authentication Protocol.

  1. Obtain the domain name and fully qualified domain name of the Active Directory server.
  2. Ensure that LDAP is configured on the Active Directory (AD) server:
    1. From the AD Server, select Start > Run.
    2. In the Run dialog box, type ldp and click OK.
    3. From the Connections menu, click Connect.
    4. In the Connect dialog box, enter information about the server:
      • In the Server box, type the name of the external domain server, for example, computer.domain.com.
      • In the Port box, type 636 as the port number for the external domain server.
      • Select the SSL check box to check for the proper certificate.
      • Click OK.

      When LDAP is properly configured, the external domain server details are displayed in the LDP window. Otherwise, an error message appears indicating that a connection cannot be made using this feature.

  3. From the CommCell Browser, go to Security.
  4. Right-click Domains > Add new domain > Active Directory.
  5. In the Add New Domain Controller dialog box, enter the information about the domain controller:
    1. In the NetBIOS Name box, enter the domain name, for example, mydomain.
    2. In the Domain Name box, enter the Fully Qualified Domain Name (FQDN), for example, mydomain.mycompany.com.
    3. To allow users to automatically log on to the CommCell Console and Web Console, select the Enable SSO check box.
    4. Next to the User Account box, click Edit.
    5. In the Enter User Account Information dialog box, enter the user account information.

      The user account must have at least read access to the domain.

  6. Click OK.
  7. Restart the Tomcat service on the computer where the Web Console is installed.

    For instructions on restarting the Tomcat service, see Restarting a Service.
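As an added example (it is not part of the Commvault documentation), the PowerShell function below performs the same LDAPS check as the ldp.exe steps in step 2 (port 636, SSL, certificate validated) and then confirms the read access to the domain that step 5 requires of the user account. It assumes a Windows host with the .NET System.DirectoryServices.Protocols assembly, and that the server name and credential you pass are the AD server FQDN and the account you intend to enter in the dialog box.

```powershell
# Added example, not Commvault's own code. Scripted equivalent of the ldp.exe check
# plus a read-access check for the account that will be registered with the domain.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-CommvaultDomainLdaps {
    param(
        [Parameter(Mandatory)] [string] $Server,   # AD server FQDN, e.g. computer.domain.com
        [int] $Port = 636,                         # LDAPS port, as typed into the ldp Connect box
        [pscredential] $Credential                 # account to be entered as the User Account
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true   # same as selecting the SSL check box in ldp
    $conn.SessionOptions.ProtocolVersion   = 3
    # Accept the connection only if the server certificate chains to a trusted root;
    # this is the "proper certificate" that the SSL check box verifies.
    $conn.SessionOptions.VerifyServerCertificate = {
        param($connection, $certificate)
        $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate)
        return $cert2.Verify()
    }
    if ($Credential) {
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $Credential.GetNetworkCredential()
    }
    try {
        $conn.Bind()
        # RootDSE is readable by any bind, so it only tells us which naming context to test.
        $rootReq = New-Object System.DirectoryServices.Protocols.SearchRequest(
            '', '(objectClass=*)', 'Base', @('defaultNamingContext'))
        $rootDse = $conn.SendRequest($rootReq)
        $domainDn = $rootDse.Entries[0].Attributes['defaultNamingContext'][0]
        # Reading the domain object itself requires the read access the documentation asks for.
        $domReq = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $domainDn, '(objectClass=*)', 'Base', @('distinguishedName'))
        $domResp = $conn.SendRequest($domReq)
        if ($domResp.Entries.Count -ne 1) { throw "Bind succeeded but $domainDn is not readable" }
        Write-Output "LDAPS check passed for ${Server}:${Port}; domain $domainDn is readable"
        return $true
    }
    catch {
        Write-Warning "LDAPS check against ${Server}:${Port} failed: $($_.Exception.Message)"
        return $false
    }
    finally { $conn.Dispose() }
}

# Usage: Test-CommvaultDomainLdaps -Server 'computer.domain.com' -Credential (Get-Credential)
```

A $false result with a certificate error in the warning matches the ldp failure described in step 2; a $false result after a successful bind means the account lacks the read access required in step 5.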

Single Sign-On with the NTLM Authentication Protocol

You can use single sign-on (SSO) with the NT LAN Manager (NTLM) authentication protocol.

  1. On the Web Console computer, add the SecurityProtocol additional setting:
    Property   Value
    Name       SecurityProtocol
    Category   WebConsole
    Type       STRING
    Value      2

    For instructions on adding the additional setting from the CommCell Console, see Add or Modify an Additional Setting.

  2. Restart the Tomcat service on the Web Console computer.

    For instructions on restarting the Tomcat service, see Restarting a Service.