Implementing iPrism Windows Authentication

Parent Article: How do I Profile Networks and Users using Windows Authentication?

The purpose of using Windows Authentication is typically to assign profiles and privileges by group membership. This allows profiles to "follow" a user regardless of the machine used, providing granular accountability for web access. Using Windows Authentication validates user credentials against a Domain-Controller, and obtains group assignments from a Domain Controller for affiliation with iPrism profiles and privileges.

• Windows Authentication will support a multiple-domain environment.

• iPrism can see other domains that trust the domain iPrism is joined to and will be able to authenticate users from the trusted domains (two-way trust is required).

Note: Profiling using Windows groups is recommended; as a fallback position, profiling using IP address may be used. This "fallback profile" using IP address may be used for users who successfully authenticate, but may not be found as a member of a mapped group in iPrism. Use a "fallback privilege" for the same reason. These topics are discussed further in:

• Joining iPrism to a Windows Domain

• Assigning Profiles and/or Privileges to Windows Groups

• Assigning Profiles and/or Authentication to Your Networks

Assuming the above is tested and working, you may want to implement iPrism Auto-Login so users are not required to explicitly login to iPrism. See How do I enable AutoLogin?

If using Terminal Server services for some or all users, see Citrix/Terminal Server with Windows-Authentication/AutoLogin.

Windows Authentication FAQs

• Using Windows Authentication, some users get "Invalid Password"

• HTTPS Issues (SSL Certificates, Reporting, User Sessions)