Configuring Integrated Windows Authentication
- Skill Level: Advanced
- Estimated Time Required: 30-45 minutes
- Prerequisites:
- All required authentication credentials are available.
- Access to system, network, and FME Server administrators.
Note: The task described here should be undertaken by advanced users only. Before proceeding, consider your options for alternative solutions until you are certain you wish to proceed. For additional resources, consult the FME Community or FME Support.
With Integrated Windows Authentication (IWA), also known as "single sign-on," you can enable the users you import from your Windows Active Directory connections to integrate their Windows login credentials with FME Server. When single sign-on is enabled:
- There is no need to log in to the FME Server Web User Interface. Instead, select Use Windows Credentials on the Sign In page.
- Similarly, there is no need to log in to FME Server when using FME Workbench to publish a workspace or download an item. Instead, check Use Alternate Login Method and specify Windows Credentials in the Publish or Download wizard.
Note: When publishing a workspace to the Notification Service, you must still provide your FME Server credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.
Note: Single sign-on is currently supported on Internet Explorer, Firefox and Chrome.
To enable single sign-on:
- Update the Windows domain configuration to allow FME Server to authenticate using single sign-on.
- Update the web browser configuration to use single sign-on.
- If you have not already done so, enable single sign-on as part of SASL authentication of a Windows Active Directory connection.
- (External-facing URL for Apache Tomcat only) Update the Tomcat Properties File with the external-facing URL.