Activating and configuring Windows authentication

The interface information for the Windows authentication is included in the Infor BI Repository Administration. However, the Windows authentication is registered by default only if it has been selected when creating the repository database.

To activate and configure Windows authentication:

  1. To register the authentication system, right-click the User Management node in the tree and select the Authentication Systems command. The Authentication Systems dialog opens.
  2. Click Register. The Register Authentication System dialog opens.
  3. Select the Windows check box.
  4. Click OK. This activates all versions of the DLL files for the Windows authentication. The Windows authentication system is now shown in the Authentication Systems dialog.
  5. To configure the Windows authentication provider settings, select the Windows authentication system in the Authentication Systems dialog and click Properties. The Windows Authentication System Properties dialog opens.
  6. Specify the domain log-on data that is required to register users and groups of protected Windows domains:
    User name
    Specify the user name that is required to log on to the domain. The user name must be a valid domain account that has the format "domain\user name". The Windows provider requires fully qualified domain names for users and groups.
    Password
    Specify the required password of the user.
    Note: After an update from older Infor BI versions, the Windows user names are sometimes truncated so that the full domain name which is part of the user name is not migrated. Consequently, client applications cannot be used by users that were migrated from that Windows domain. To avoid this situation, an administrator must use the Synchronize registered users/groups with authentication system command after the migration on the Users and Groups tab of the User Management tree node.
  7. Specify the connection options. Select one of these check boxes to configure the Windows authentication.
    Note: The default settings are: Kerberos authentication, active data integrity, and active Kerberos encryption. Kerberos authentication does not require to specify a special domain account. You can close the dialog with empty User name and Password fields. If you specify a user name, you must also specify a password.
    Basic authentication
    If you activate basic authentication mode, the specified user and password are used to access the domain.
    Kerberos/NTLM authentication
    If you activate Kerberos/NTLM authentication mode, the Windows credentials of the current user are used to access the domain.
    Verify data integrity
    If you select this check box, the data sent and received are checked to be valid. This option is only available for Kerberos authentication mode.
    Kerberos encryption
    If you select this check box, the communication that uses Kerberos is encrypted. This option is only available for Kerberos authentication mode.
    Use SSL communication
    If you select this check box, a secure SSL channel is used for the communication.
  8. Select the check box Show users of registered groups to display the Windows users who are registered by their group membership in the User Management of the repository database.
  9. To check the configured Windows authentication, click Test. If you have specified the user name and password, they are checked to determine whether these are valid domain credentials.
  10. To save the Windows Authentication System Properties, click OK.

    When you have activated and configured the Windows authentication system, you add users and groups in the User Management.

    See Registering users and groups.

Parent topic: Administering authentication systems