Configuring Integrated Windows Authentication
With Integrated Windows Authentication (IWA), also known as "single sign-on," you can enable the users you import from your Active Directory connections to integrate their Windows login credentials with FME Server. When single sign-on is enabled:
- There is no need to log in to the FME Server Web User Interface. Instead, select Use Windows Credentials on the Sign In page.
- Similarly, there is no need to log in to FME Server when using FME Workbench to publish a workspace. Instead, simply check 'Use Windows session credentials' in the Publish to FME Server wizard.
Note: When publishing a workspace to the Notification Service, you must still provide your FME Server credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.
Note: Single sign-on is currently supported on Internet Explorer, Firefox and Chrome.
To enable single sign-on:
- Update the Windows domain configuration to allow FME Server to authenticate using single sign-on.
- Update the web browser configuration to use single sign-on.
- If you have not already done so, enable single sign-on as part of SASL authentication of an Active Directory connection.
- (External-facing URL for Apache Tomcat only) Update the Tomcat Properties File with the external-facing URL.