June 22, 2010
Parent Article: How do I Profile Networks and Users using Windows Authentication?
The purpose of using Windows Authentication is typically to assign profiles and privileges by group membership. This allows profiles to "follow" a user regardless of the machine used, providing granular accountability for web access. Using Windows Authentication validates user credentials against a Domain-Controller, and obtains group assignments from a Domain Controller for affiliation with iPrism profiles and privileges.
Windows Authentication will support a multiple-domain environment.
iPrism can see other domains that trust the domain iPrism is joined to and will be able to authenticate users from the trusted domains (two-way trust is required).
Note: Profiling using Windows groups is recommended; as a fallback position, profiling using IP address may be used. This "fallback profile" using IP address may be used for users who successfully authenticate, but may not be found as a member of a mapped group in iPrism. Use a "fallback privilege" for the same reason. These topics are discussed further in:
Assuming the above is tested and working, you may want to implement iPrism Auto-Login so users are not required to explicitly login to iPrism. See How do I enable AutoLogin?
If using Terminal Server services for some or all users, see Citrix/Terminal Server with Windows-Authentication/AutoLogin.
HTTPS Issues (SSL Certificates, Reporting, User Sessions)