Configure Active Directory service account for SecureAuth IWA service

To enable Windows SSO for your integrated resources in the SecureAuth® Identity Platform, you'll need a Service Principal Name (SPN) assigned to an Active Directory (AD) service account to connect with the SecureAuth IWA service.

The Service Principal Name (SPN) is a name in the Active Directory to uniquely identify your instance. This topic covers how to assign an SPN in the AD data store to work with the Identity Platform and SecureAuth IWA service.

For more information about Windows SSO integration, see Windows SSO integration guide.

Assign SPN in the Active Directory

Set up and assign the SPN to an AD service account for the SecureAuth IWA service. You will need to enter this AD service account name and password in the Identity Platform AD data store settings to allow Windows SSO integration.

  1. In your Active Directory, create the AD service account username you want to use for the SecureAuth IWA service.

  2. Assign the SPN to the AD service account using any of the following commands:

    • To view a list of SPNs, use this command:

      setspn.exe -L ServiceAccountName

    • To assign an SPN to the AD service account, use this command:

      setspn -a HTTP/<SecureAuth IWA service URL> ServiceAccountName

    • To search for duplicate SPNs, use this command:

      setspn -x

    • Use the ADSI Edit to assign an SPN

Next steps

In the Identity Platform, configure the data store settings for Active Directory to Allow Windows SSO integration and provide the service account name and password for this SPN-assigned AD service account name.