Set up the Active Directory Domain Controller server, AX Server, and the desktop environment for each client application end user to configure Integrated Windows Authentication. Integrated Windows Authentication enables single sign-on access control for AX Client users.
Note
Integrated Windows Authentication is not supported for instances of AX Client running on the server's operating system. You must connect from a client operating system; otherwise, the application defaults to form-based authentication.
How it works
Integrated Windows Authentication uses the security features of Windows clients and servers. It does not prompt users for a user name and password, and the current Windows user information on the client computer is supplied by the web browser through a cryptographic exchange. The following protocols are used to manage authentication:
SPNEGO: AX Client connections
Kerberos: server profile connections to Analytics
If the authentication exchange initially fails to identify the user, the web browser will prompt the user for a Windows user account user name and password.
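The exchange described above, as an added example that is not part of the product or its documentation: this Python code decodes the token a browser sends in an HTTP `Authorization: Negotiate` header and reports whether the mechanism the client listed first is Kerberos or NTLM, which is the first thing to check when the exchange ends in a credential prompt. The function names are assumptions and the sample tokens are constructed.

```python
import base64

# Added example: helper names are assumptions; the tokens at the bottom are constructed.
SPNEGO = bytes.fromhex("2b0601050502")                 # OID 1.3.6.1.5.5.2
MECHS = {                                              # DER OID contents -> label
    bytes.fromhex("2a864886f712010202"): "kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "kerberos",   # 1.2.840.48018.1.2.2 (Microsoft)
    bytes.fromhex("2b06010401823702020a"): "ntlm",     # 1.3.6.1.4.1.311.2.2.10
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_negotiate(header_value):
    """Name the mechanism a client listed first in 'Negotiate <base64 token>'."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
        if token.startswith(b"NTLMSSP\x00"):      # bare NTLM message, no SPNEGO wrapper
            return "ntlm"
        tag, start, _ = read_tlv(token, 0)        # GSS-API initial token
        if tag != 0x60:
            return "unknown"
        _, start, end = read_tlv(token, start)    # thisMech OID
        if token[start:end] != SPNEGO:            # e.g. Kerberos sent without SPNEGO
            return MECHS.get(token[start:end], "unknown")
        start = end
        # NegTokenInit [0] -> SEQUENCE -> mechTypes [0] -> SEQUENCE OF -> first OID
        for expected in (0xA0, 0x30, 0xA0, 0x30, 0x06):
            tag, start, end = read_tlv(token, start)
            if tag != expected:
                return "unknown"
        return MECHS.get(token[start:end], "unknown")
    except (ValueError, IndexError):
        return "malformed"

def sample(hex_token):  # header value from a constructed token (not captured traffic)
    return "Negotiate " + base64.b64encode(bytes.fromhex(hex_token)).decode()

KRB_FIRST = sample("6027 0606 2b0601050502 a01d 301b a019 3017 0609 2a864886f712010202 060a 2b06010401823702020a")
NTLM_ONLY = sample("601c 0606 2b0601050502 a012 3010 a00e 300c 060a 2b06010401823702020a")
NTLM_RAW = sample("4e544c4d53535000 01000000")
```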
Create an SPN account
Create a new Windows Service Principal Name (SPN) account in Active Directory to map the AX Server authentication service to an Active Directory account.
Prerequisite: Add the Java bin subfolder to your path environment variable to use the klist command without specifying the full path.
set PATH=java_bin_path;%PATH%
On the Active Directory Domain Controller server, copy the .keytab file you created with the ktpass command and paste it in the Windows directory of AX Server.
In the Windows directory of AX Server, create a file called krb5.ini.
From the command prompt, use the following command to verify that the keytab file can be read:
klist -k
To attempt to authenticate, use the following command:
Enable Integrated Windows Authentication from Internet Explorer
Enable Integrated Windows Authentication from Internet Explorer in each end user's desktop environment. Users must connect from a client operating system; Integrated Windows Authentication is not supported for instances of AX Client running on the server's operating system.