Configuring Integrated Windows Authentication

  • Skill Level: Advanced
  • Estimated Time Required: 30-45 minutes
  • Prerequisites:
    • All required authentication credentials are available.
    • Access to system, network, and FME Flow administrators.
Note: The task described here should be undertaken by advanced users only. Before proceeding, consider alternative solutions, and continue only when you are certain you wish to proceed. For additional resources, consult the FME Community or FME Support.

Integrated Windows Authentication (IWA), also known as "single sign-on," lets the users you import from your Windows Active Directory connections use their Windows login credentials with FME Flow. When single sign-on is enabled:

  • There is no need to log in to the FME Flow Web User Interface. Instead, select Use Windows Credentials on the Sign In page.
  • Similarly, there is no need to log in to FME Flow when using FME Workbench to publish a workspace or download an item. Instead, check Use Alternate Login Method and specify Windows Credentials in the Publish or Download wizard.
  • Note: When publishing a workspace to the Notification Service, you must still provide your FME Flow credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.
Note: Single sign-on is currently supported on Microsoft Edge, Firefox and Chrome.

To enable single sign-on:

  1. Update the Windows domain configuration to allow FME Flow to authenticate using single sign-on.
  2. Update the web browser configuration to use single sign-on.
  3. If you have not already done so, enable single sign-on as part of SASL authentication of a Windows Active Directory connection.
  4. (External-facing URL for Apache Tomcat only) Update the Tomcat Properties File with the external-facing URL.