Configuring Integrated Windows Authentication

Integrated Windows Authentication requires configuration to be completed on the Active Directory Domain Controller server, on the AX Server, and on the desktop computer of each end-user that will access ACL Analytics Exchange applications. The Active Directory configuration will need to be completed by a system administrator. The rest of the configuration can be completed by an ACL Analytics Exchange administrator. When the required configuration is complete, end-users will be able to securely access ACL Analytics Exchange applications without being prompted for their login information.

The following steps must be completed to configure Integrated Windows Authentication:

  1. Create a new Windows account in Active Directory. The required account is called a Service Principal Name (SPN) account, and it is used to map the AX Server authentication service to an Active Directory account. For details, see Creating a SPN account.
  2. Run the ktpass command. This step must be completed on the Active Directory Domain Controller server while you are logged in as Administrator. This command completes two tasks: 1) It maps the AX Server authentication service to the Active Directory SPN account, and 2) it (optionally) creates a keytab file that can be used to test your configuration. For details, see Mapping the AX Server authentication service to the SPN account.
  3. Use the setspn command to register a SPN for the AX Connector service. For details, see Adding a SPN account for the AX Connector service.
  4. Optional. Copy the keytab file to the AX Server and use the kinit command to test your configuration. For details, see Testing the SPN account mapping.
  5. Configure Internet Explorer on each ACL Analytics Exchange end-user’s desktop computer to enable Integrated Windows Authentication. For details, see Configuring Internet Explorer for Integrated Windows Authentication.

(C) 2015 ACL Services Ltd. All Rights Reserved.