How to configure Windows authentication when SquaredUp is installed on a SCOM Management Server

When to use this article

This article applies if:

• You want to enable Windows authentication (single sign-on(SSO))
• SquaredUp is installed on a SCOM management server

If you want to configure Windows authentication in a different scenario, review How to configure Windows authentication to find the appropriate article.

Prerequisites

SquaredUp has been installed and the initial configuration wizard (licensing etc) has been completed. See How to install SquaredUp v4 for the first time.

Summary of steps

1. Enable Windows authentication using the SquaredUp configuration tool
2. Configure your web browsers to use Windows authentication
3. Verify the configuration

1. Enable Windows authentication using the SquaredUp configuration tool

The first step is to configure IIS to use Windows authentication. This is performed automatically using the SquaredUp configuration tool.

Modifying the configuration causes the web application to restart and all users will be logged off.

1. On the SquaredUp server click on the Start button and type command prompt

2. Change directory to the instance for which you wish to change authentication, by typing the correct path, for example:

   cd c:\inetpub\wwwroot\SquaredUpv4\

3. Type the following to enable Windows authentication:

   squaredup4 windows

2. Configure your web browsers to use Windows authentication

Your users' web browsers must be configured to use Windows authentication when connecting to SquaredUp.

The configuration depends on the browser.

Internet Explorer

By default, Internet Explorer is enabled to use Windows authentication for intranet sites only. If your users may connect to SquaredUp using a fully qualified domain name (FQDN) (e.g. webserver1.domain.local) then you must add this to the list of intranet sites in Internet Explorer.

Please note that your domain settings may differ from the Internet Explorer defaults, so we recommend that you review the settings below.

1. Navigate to Tools > Internet Options > Security > Local intranet > Sites > Advanced
   
   
   

2. Paste in the fully qualified domain name for your SquaredUp server, and click Add, then Close, then OK.
3. Click on Local intranet and then Custom level.
4. Scroll to the bottom of the settings and verify that either of the following settings are enabled:
   
   Automatic logon with current user name and password
   Automatic logon only in Intranet zone
   
   
   

If you prefer, you can add the sites to the local intranet sites on all clients using Group Policy, see:

Internet Explorer prompting for credentials - Windows authentication (Clint Boessen's blog)

Chrome

By default, Chrome uses the Internet Explorer local intranet sites configuration. Follow the steps above.

For more details, see The Chromium Projects - HTTP authentication

FireFox

1. Type about:config in the location bar.
2. Type network.negotiate-auth.trusted-uris in the search box.

3. Double-click on the setting returned and type the SquaredUp server name and then the fully qualified domain name (FQDN) separated by a comma and a space. Do not include the http:// or https://
   
   

4. Click OK.

3. Verify the configuration

Check that SquaredUp is now accessible:

1. Log on to a client machine as a SCOM user, using a different user account to that with which you are logged on to the SquaredUp server. (Note that it must be a different account, otherwise Windows authentication may reuse your server logon session and it may appear to succeed even if it is misconfigured).
2. Browse to SquaredUp, for example from both http://SquaredUpServer/SquaredUpv4 and http://SquaredUpServer.domain.tld/SquaredUpv4
3. If SquaredUp opens, check that graphs are shown. If they are not, check the Data Warehouse connection.

If you experience any problems please contact SquaredUp Support and reply to the automatic response with the output of the SquaredUp Diagnostics.