Configure integrated Windows authentication
Semarchy xDM supports seamless integration with Windows Authentication (Kerberos, NTLM) using the Windows Authentication - SSO or Windows Authentication - Form identity providers.
| Using Windows Authentication requires that the Semarchy xDM is installed on a server running a Windows operating system. |
Supported capabilities
Windows Authentication appears as two distinct IDP types that define how the authentication takes place:
-
Windows Authentication - SSO: With this IDP, the authentication is transparently performed with the windows user connected to the client machine that runs the web browser. That user is authenticated against the windows authentication configured on the Semarchy xDM server. This IDP forces the user to automatically authenticate in Semarchy with his Windows user.
-
Windows Authentication - Form: With this IDP, the user authenticates by providing his credentials in a login form. Using these credentials, the user is authenticated against the Windows authentication configured on the Semarchy xDM server. This IDP allows the user to authenticate in Semarchy with a different user than his Windows user.
With both these IDPs, the user’s Windows security groups, including nested and domain groups, are retrieved as roles during the authentication.
These IDPs do not support profile properties synchronization from the IDP.
Configuration
To configure Windows Authentication, follow the steps to configure an identity provider with the Windows Authentication - SSO or Windows Authentication - Form type.
A Windows Authentication IDP relies on the server operating system configuration and does not require any additional configuration in Semarchy xDM.