How to configure Windows authentication when SquaredUp is installed on a SCOM Management Server
When to use this article
This article applies if:
- You want to enable Windows authentication (single sign-on (SSO))
- SquaredUp is installed on a SCOM management server
If you want to configure Windows authentication in a different scenario, review How to configure Windows authentication to find the appropriate article.
SquaredUp has been installed and the initial configuration wizard (licensing etc.) has been completed. See How to install SquaredUp for SCOM.
Summary of steps
- Enable Windows authentication using the SquaredUp configuration tool
- Configure your web browsers to use Windows authentication
- Verify the configuration
1. Enable Windows authentication using the SquaredUp configuration tool
The first step is to configure IIS to use Windows authentication. This is performed automatically using the SquaredUp configuration tool.
Modifying the configuration causes the web application to restart and all users will be logged off.
On the SquaredUp server click on the Start button and type:
Change directory to the instance for which you wish to change authentication, by typing the correct path, for example:
depending on your version of SquaredUp.
Type the following to enable Windows authentication, depending on your version of SquaredUp:
2. Configure your web browsers to use Windows authentication
Your users' web browsers must be configured to use Windows authentication when connecting to SquaredUp.
The configuration depends on the browser.
By default, Internet Explorer is enabled to use Windows authentication for intranet sites only. If your users may connect to SquaredUp using a fully qualified domain name (FQDN) (e.g. webserver1.domain.local) then you must add this to the list of intranet sites in Internet Explorer.
Please note that your domain settings may differ from the Internet Explorer defaults, so we recommend that you review the settings below.
Navigate to Tools > Internet Options > Security > Local intranet > Sites > Advanced
- Paste in the fully qualified domain name for your SquaredUp server, and click Add, then Close, then OK.
- Click on Local intranet and then Custom level.
- Scroll to the bottom of the settings and verify that either of the following settings is enabled:
  - Automatic logon with current user name and password
  - Automatic logon only in Intranet zone
If you prefer, you can add the sites to the local intranet sites on all clients using Group Policy, see:
By default, Chrome uses the Internet Explorer local intranet sites configuration. Follow the steps above.
In addition, Chrome requires that Kerberos constrained delegation is explicitly configured.
For more details, see The Chromium Projects - HTTP authentication
Firefox requires explicit configuration to enable Windows authentication.
- Type about:config in the location bar.
- Type network.negotiate-auth.trusted-uris in the search box.
- Double-click on the setting returned and type the SquaredUp server name and then the fully qualified domain name (FQDN) separated by a comma and a space. Do not include the http:// or https://
- Click OK.
- Repeat these steps for the
3. Verify the configuration
Check that SquaredUp is now accessible:
- Log on to a client machine as a SCOM user, using a different user account to that with which you are logged on to the SquaredUp server. (Note that it must be a different account, otherwise Windows authentication may reuse your server logon session and it may appear to succeed even if it is misconfigured.)
- Browse to SquaredUp, for example from both http://SquaredUpServer/SquaredUpv4 and http://SquaredUpServer.domain.tld/SquaredUpv4
- If SquaredUp opens, check that graphs are shown. If they are not, check the Data Warehouse connection (see Troubleshooting the Data Warehouse connection).
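The same check can be scripted from the client machine. This is an added example, not part of the SquaredUp documentation: it requests each URL once with no credentials and once with the current logon session, and reports whether IIS offered a Windows authentication challenge and then accepted the session. Get-AuthProbe is a hypothetical helper, the URLs are the sample names used above, and the script assumes anonymous access to the application is disabled.

```powershell
# Added example; the URLs are the article's samples, replace them with your own.
$urls = 'http://SquaredUpServer/SquaredUpv4',
        'http://SquaredUpServer.domain.tld/SquaredUpv4'

function Get-AuthProbe {
    param([string]$Url, [bool]$UseLogonSession)

    $request = [System.Net.WebRequest]::Create($Url)
    $request.AllowAutoRedirect     = $false
    $request.UseDefaultCredentials = $UseLogonSession  # send the logon session, or nothing
    $request.Timeout               = 15000             # milliseconds

    try { $response = $request.GetResponse() }
    catch {
        # PowerShell wraps .NET exceptions: find the WebException holding the HTTP response
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }   # DNS, TCP or timeout failure
        $response = $ex.Response
    }

    try {
        [pscustomobject]@{
            Status     = [int]$response.StatusCode
            Challenges = @($response.Headers.GetValues('WWW-Authenticate')) -join ', '
        }
    }
    finally { $response.Close() }
}

foreach ($url in $urls) {
    $anonymous = Get-AuthProbe -Url $url -UseLogonSession $false
    $signedIn  = Get-AuthProbe -Url $url -UseLogonSession $true

    # Assumption: anonymous access is off, so IIS answers 401 and offers Negotiate and/or NTLM
    $challenged = $anonymous.Status -eq 401 -and $anonymous.Challenges -match 'Negotiate|NTLM'
    # The logon session alone should then be accepted (2xx, or a 3xx redirect into the app)
    $accepted   = $signedIn.Status -ge 200 -and $signedIn.Status -lt 400

    [pscustomobject]@{
        Url             = $url
        AnonymousStatus = $anonymous.Status
        Challenges      = $anonymous.Challenges
        SignedInStatus  = $signedIn.Status
        WindowsAuthOK   = $challenged -and $accepted
    }
}
```

Run it as the different SCOM user that the first step above calls for. .NET sends the logon session to any host regardless of browser zone settings, so a True result alongside a browser that still prompts for credentials points to the browser configuration in step 2.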
Please contact SquaredUp Support if you experience any problems and reply to the automatic response with the output of the SquaredUp Diagnostics (see Collecting diagnostic information) and, if possible, a screenshot of the problem.