Page Comparison

The EmpowerID SSO Connector framework allows you to configure an Identity Provider connection for Windows Authentication to allow your users the ability to log in to EmpowerID using their Windows credentials.

This topic describes how to configure an SSO connection for Windows Authentication and is divided into the following activities:

• Configuring an SSO connection for Windows Authentication
• Testing the SSO connection

To configure the SSO Connection for Windows Authentication

1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the SAML Connections management page by expanding Admin > Applications and Directories > SSO Connections and clicking SAML.
2. From the SAML Connections tab of SAML SSO Manager, search for Windows.
3. From the SAML Connections grid, click the drop-down arrow for the Login Using Windows record and click Edit.

1. 
   
   Image Added
   
   
   
2. From the General tab of the Connection Details page that appears, do the following:
   1. Optionally, if you are using multi-factor authentication and you want to edit the default MFA Point Value for Windows auth, scroll to the Connection Details section and type a new value in the MFA Point Value field.
      
      Image Added
      
      
      
   2. Scroll to the Account Information section and select the directory for your AD domain from the Account Directory drop-down.
      
      Image Added
      
      
      
   3. Optionally, scroll to the Single Logout Configuration section and enter a logout URL in the Logout URL field.
      
      Image Added
      
      
      
   4. Leave all other fields as is.
      
      
3. Click the Domains tab at the top of the page and then click the Add (+) button in the Assigned Domains section.

4. In

1. the Add Domain

1.  dialog that appears, type the name of an existing EmpowerID domain for which you want a Windows login tile to appear on the Login page and then click the tile for that domain.

1. 
   
   Image Added
   
   

   Info
   If you have not set up an IdP Domain for your environment, you can do so by following the directions in the below drop-down

1. section;

   
   

   Rw ui expands macro
   Rw ui expand macro title To create an IdP Domain From the

1. navigation sidebar, expand Admin > Applications and Directories

1. and

1. click SSO Components. Click the IdP Domains tab and then click the Add IdP Domain

1. button. Type the fully qualified domain name in the Domain Name field and then click Save.

   
   

2. Click Save to close the Add Domain dialog.
3. Back in the Connections Details page, click Save to save your changes.

To test the SSO connection

1. From the Navigation Sidebar,

1. expand IT Shop and

1. click Workflows.
2. From the Workflows page, recycle the EmpowerID App Pools by clicking Recycle EmpowerID App Pools.
   
   Image Added
   
   
   
3. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for Windows auth.

4. When prompted, enter your Windows credentials and then click OK.

1. 
   
   Image Added
   
   

   Info
   If you chose to give users accessing your portal the ability to log in using their EmpowerID accounts (or any other account) and you did not create an IP Address Range, they will be directed to the login page, where they could select a different login option. In this article, Windows Auth is the only login option for the portal so users will simply be prompted for their Windows credentials.

   
   

   Tip
   Depending on your organizational policy for browser settings, after their first login, users may or may not be prompted for credentials.