Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can configure realms to use Windows desktop SSO in any of the following ways:

Definition List
Windows SSOWhen the Begin Site is configured to use Windows SSO login workflow, you have the option to include multi-factor authentication (MFA) and adaptive authentication.  This method is more secure because it includes the Device Recognition layer. 

Windows SSO (skip workflow)When the Begin Site is configured to use Windows SSO (skip workflow), it bypasses the login workflow, skips MFA, and routes the user directly to the Post Authentication page once it validates the Kerberos ticket. This method bypasses the Device Recognition layer, however, it increases system performance. 

Prerequisites


Excerpt Include
SIWA:Windows desktop SSO configuration
SIWA:Windows desktop SSO configuration
nopaneltrue

...

  1. Go to the Workflow tab. 
  2. In the Workflow section, set the following: 

    Borderless_tables
    Default Workflow

    Set to Username only

    UI Text Box
    sizemedium
    typenote

    To configure two-factor authentication (2FA), select Username | Second Factor

    Public/Private ModeSet to Public Mode Only

    Image RemovedImage Added

  3. In the Custom Identity Consumer section, set the following: 

    Borderless_tables
    Receive TokenSet to Token
    Require Begin SiteSet to True
    Begin Site

    Use any of the following options: 

    • To include MFA and adaptive authentication in login workflow, set to Windows SSO. This method adds the Device Recognition layer, and is more secure.
    • To skip the login workflow and go directly to the Post Authentication page, set to Windows SSO (skip workflow). This method does not include MFA, adaptive authentication, and increases performance. 
    Begin Site URLDepending on the Begin Site selection, this field is auto-populated with WindowsSSO.aspx or WindowsSSO2.aspx.
    User ImpersonationSet to True
    Windows AuthenticationSet to True

    Image Removed Image Added

  4. Click Save