/
Configuring Windows Auth as an Identity Provider

Configuring Windows Auth as an Identity Provider

Oct 11, 2018

The EmpowerID SSO Connector framework allows you to configure an Identity Provider connection for Windows Authentication to allow your users the ability to log in to EmpowerID using their Windows credentials.

For users to log in to EmpowerID using their Windows credentials, they must have user accounts either in the domain being protected by EmpowerID or in a domain trusted by that domain.

This topic describes how to configure an SSO connection for Windows Authentication and is divided into the following activities:

  • Configuring an SSO connection for Windows Authentication

  • Testing the SSO connection

To configure the SSO Connection for Windows Authentication

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the SAML Connections management page by expanding Admin > Applications and Directories > SSO Connections and clicking SAML.

  2. From the SAML Connections tab of SAML SSO Manager, search for Windows.

  3. From the SAML Connections grid, click the drop-down arrow for the Login Using Windows record and click Edit.




  4. From the General tab of the Connection Details page that appears, do the following:

    1. Optionally, if you are using multi-factor authentication and you want to edit the default MFA Point Value for Windows auth, scroll to the Connection Details section and type a new value in the MFA Point Value field.




    2. Scroll to the Account Information section and select the directory for your AD domain from the Account Directory drop-down.




    3. Optionally, scroll to the Single Logout Configuration section and enter a logout URL in the Logout URL field.




    4. Leave all other fields as is.

  5. Click the Domains tab at the top of the page and then click the Add (+) button in the Assigned Domains section.

  6. In the Add Domain dialog that appears, type the name of an existing EmpowerID domain for which you want a Windows login tile to appear on the Login page and then click the tile for that domain.



  7. Click Save to close the Add Domain dialog.

  8. Back in the Connections Details page, click Save to save your changes.

To test the SSO connection

  1. From the Navigation Sidebar, expand IT Shop and click Workflows.

  2. From the Workflows page, recycle the EmpowerID App Pools by clicking Recycle EmpowerID App Pools.




  3. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for Windows auth.

  4. When prompted, enter your Windows credentials and then click OK.





On this page