How to configure Windows authentication when Squared Up is installed on a SCOM Management Server
When to use this article
This article applies if:
- You want to enable Windows authentication (single sign-on(SSO))
- Squared Up is installed on a SCOM management server
If you want to configure Windows authentication in a different scenario, review How to configure Windows authentication to find the appropriate article.
Squared Up has been installed and the initial configuration wizard (licensing etc) has been completed. See How to install Squared Up v3 for the first time.
Summary of steps
Enable Windows authentication using the Squared Up configuration tool
Configure your web browsers to use Windows authentication
Verify the configuration
1. Enable Windows authentication using the Squared Up configuration tool
The first step is to configure IIS to use Windows authentication. This is performed automatically using the Squared Up configuration tool.
On the Squared Up server click on the Start button and type
Change directory to the instance for which you wish to change authentication, by typing the correct path, for example:
Type the following to enable Windows authentication:
2. Configure your web browsers to use Windows authentication
Your users’ web browsers must be configured to use Windows authentication when connecting to Squared Up.
The configuration depends on the browser.
By default, Internet Explorer is enabled to use Windows authentication for intranet sites only. If your users may connect to Squared Up using a fully qualified domain name (FQDN) (e.g. webserver1.domain.local) then you must add this to the list of intranet sites in Internet Explorer.
Please note that your domain settings may differ from the Internet Explorer defaults, so we recommend that you review the settings below.
Navigate to Tools > Internet Options > Security > Local intranet > Sites > Advanced
Paste in the fully qualified domain name for your Squared Up server, and click Add, then Close, then OK.
Click on Local intranet and then Custom level.
Scroll to the bottom of the settings and verify that either of the following settings are enabled:
Automatic logon with current user name and password
Automatic logon only in Intranet zone
If you prefer, you can add the sites to the local intranet sites on all clients using Group Policy, see:
By default, Chrome uses the Internet Explorer local intranet sites configuration. Follow the steps above.
For more details, see The Chromium Projects - HTTP authentication
about:configin the location bar.
network.negotiate-auth.trusted-urisin the search box.
Double-click on the setting returned and type the Squared Up server name and then the fully qualified domain name (FQDN) separated by a comma and a space. Do not include the http:// or https://
3. Verify the configuration
Check that Squared Up is now accessible:
Log on to a client machine as a SCOM user, using a different user account to that with which you are logged on to the Squared Up server. (Note that it must be a different account, otherwise Windows authentication may reuse your server logon session and it may appear to succeed even if it is misconfigured).
If Squared Up opens, check that graphs are shown. If they are not, check the Data Warehouse connection.