When to use this article
This article applies if:
- You want to enable Windows authentication (single sign-on(SSO))
- SquaredUp is installed on a SCOM management server
If you want to configure Windows authentication in a different scenario, review How to configure Windows authentication to find the appropriate article.
SquaredUp has been installed and the initial configuration wizard (licensing etc) has been completed. See How to install SquaredUp v4 for the first time.
Summary of steps
- Enable Windows authentication using the SquaredUp configuration tool
- Configure your web browsers to use Windows authentication
- Verify the configuration
1. Enable Windows authentication using the SquaredUp configuration tool
The first step is to configure IIS to use Windows authentication. This is performed automatically using the SquaredUp configuration tool.
Modifying the configuration causes the web application to restart and all users will be logged off.
- On the SquaredUp server click on the Start button and type
Change directory to the instance for which you wish to change authentication, by typing the correct path, for example:
Type the following to enable Windows authentication:
2. Configure your web browsers to use Windows authentication
Your users' web browsers must be configured to use Windows authentication when connecting to SquaredUp.
The configuration depends on the browser.
By default, Internet Explorer is enabled to use Windows authentication for intranet sites only. If your users may connect to SquaredUp using a fully qualified domain name (FQDN) (e.g. webserver1.domain.local) then you must add this to the list of intranet sites in Internet Explorer.
Please note that your domain settings may differ from the Internet Explorer defaults, so we recommend that you review the settings below.
Navigate to Tools > Internet Options > Security > Local intranet > Sites > Advanced
- Paste in the fully qualified domain name for your SquaredUp server, and click Add, then Close, then OK.
- Click on Local intranet and then Custom level.
- Scroll to the bottom of the settings and verify that either of the following settings are enabled:
Automatic logon with current user name and password
Automatic logon only in Intranet zone
If you prefer, you can add the sites to the local intranet sites on all clients using Group Policy, see:
By default, Chrome uses the Internet Explorer local intranet sites configuration. Follow the steps above.
For more details, see The Chromium Projects - HTTP authentication
about:configin the location bar.
network.negotiate-auth.trusted-urisin the search box.
Double-click on the setting returned and type the SquaredUp server name and then the fully qualified domain name (FQDN) separated by a comma and a space. Do not include the http:// or https://
- Click OK.
3. Verify the configuration
Check that SquaredUp is now accessible:
- Log on to a client machine as a SCOM user, using a different user account to that with which you are logged on to the SquaredUp server. (Note that it must be a different account, otherwise Windows authentication may reuse your server logon session and it may appear to succeed even if it is misconfigured).
- Browse to SquaredUp, for example from both http://SquaredUpServer/SquaredUpv4 and http://SquaredUpServer.domain.tld/SquaredUpv4
- If SquaredUp opens, check that graphs are shown. If they are not, check the Data Warehouse connection.