Configuring Integrated Windows Authentication

With Integrated Windows Authentication (IWA), also known as "single sign-on," you can enable the users you import from your Active Directory connections to integrate their Windows login credentials with FME Server. When single sign-on is enabled:

  • There is no need to log in to the FME Server Web User Interface. Instead, select Use Windows Credentials on the Sign In page.
  • Similarly, there is no need to log in to FME Server when using FME Workbench to publish a workspace. Instead, simply check 'Use Windows session credentials' in the Publish to FME Server wizard.
  • Note: When publishing a workspace to the Notification Service, you must still provide your FME Server credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.

Note: Single sign-on is currently supported on Internet Explorer, Firefox and Chrome.

To enable single sign-on:

  1. Update the Windows domain configuration to allow FME Server to authenticate using single sign-on.
  2. Update the web browser configuration to use single sign-on.
  3. If you have not already done so, enable single sign-on as part of SASL authentication of an Active Directory connection.
  4. (External-facing URL for Apache Tomcat only) Update the Tomcat Properties File with the external-facing URL.