The EmpowerID SSO Connector framework lets you configure an Identity Provider connection for Windows Authentication so that your users can log in to EmpowerID using their Windows credentials.

Info

To log in to EmpowerID using their Windows credentials, users must have user accounts either in the domain being protected by EmpowerID or in a domain trusted by that domain.

This topic describes how to configure an SSO connection for Windows Authentication and is divided into the following activities:

  • Configuring an SSO connection for Windows Authentication

  • Testing the SSO connection

Configure the SSO connection

  1. On the navbar, expand Apps and Authentication > SSO Connections and click SAML.

  2. Search for Windows and then click Login using Windows.


  3. Click the pencil icon to put the SSO Connection in edit mode.


  4. On the General tab of the edit page, do the following:

    1. Optionally, if you are using multifactor authentication and you want to change the default level of assurance (LoA) points for the connection, scroll to the Connection Details section and type a new Value in the Level of Assurance (LoA) field.


    2. Scroll to the Account Information section and select the directory for your AD domain from the Account Directory drop-down.


    3. Optionally, scroll to the Single Logout Configuration section and enter a logout URL in the Logout URL field.


    4. Leave all other fields as is.

  5. Click the Domains tab at the top of the page and then click the Add (+) button in the Assigned Domains section.

  6. In the Add Domain dialog that appears, type the name of an existing EmpowerID domain for which you want a Windows login tile to appear on the Login Page and then click the tile for that domain.


  7. Click Save to close the Add Domain dialog.

  8. Back in the Connections Details page, click Save to save your changes.

Tip

If you have not set up an IdP Domain for your environment, you can do so by following the directions in the drop-down section below.

How to create an IdP Domain: see the Create IDP Domain topic.

Test the SSO connection

  1. On the navbar, expand IT Shop and click Workflows.

  2. On the Workflows page, click Recycle EmpowerID App Pools.


  3. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for Windows auth.

  4. When prompted, enter your Windows credentials and then click OK.


Info

If you chose to give users accessing your portal the ability to log in using their EmpowerID accounts (or any other account) and you did not create an IP Address Range, they will be directed to the login page, where they can select a different login option. In this article, Windows Auth is the only login option for the portal, so users are simply prompted for their Windows credentials.

Depending on your organizational policy for browser settings, users may or may not be prompted for credentials after their first login.
