File Director can be configured to automatically log users in using their Windows credentials. The Windows logon must be to the same domain to which the File Director Appliance is connected.
If a Windows domain password is modified locally while File Director Single Sign-On is enabled, the new password is used for subsequent File Director logins.
Once SSO has succeeded, credentials are stored in the Windows Credential Store and AutoLogon is enabled. The File Director client then handles File Director session expiry automatically. It only prompts for a password in the event of a background logon failure, if the password expires, or if the user changes their password using another device. If the user changes their password using the same Windows endpoint, the SSO credentials are automatically updated.
Endpoints must have access to the Kerberos Ticket Granting server within Active Directory (AD). This is required to locate the key information associated with the user account, and to allow a token to be returned to the client system, for permitted access to the File Director server. In order to use Kerberos authentication from the Windows endpoint, the environmental prerequisites for Kerberos Authentication must be met.
For more information, see Kerberos authentication.
| Value Name | Value Type | Description |
| --- | --- | --- |
| EnableSSO | REG_DWORD | Automatically logs users in to File Director when they successfully log in to Windows. |

| EnableSSO setting | Effect |
| --- | --- |
| 0 | SSO is disabled. |
| 1 | SSO is enabled using NTLM. |
| 2 | SSO is enabled using Kerberos. The environment prerequisites for Kerberos must be met. |
When EnableSSO is set to 1 (NTLM), the Username value must be configured, and it must be in UPN format for SSO to work. This is commonly defined using environment variables under HKLM, for example %USERNAME%@%USERDNSDOMAIN%
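
The EnableSSO and Username rules above can be checked on an endpoint before rollout. The following PowerShell is an added example, not part of the File Director documentation or product; the function name, the hashtable input and the sample values are assumptions, and because the registry key path is not given on this page the values are passed in rather than read from a fixed location.

```powershell
# Added example (not vendor code): checks the EnableSSO / Username rules described above.
function Test-FileDirectorSsoConfig {
    param(
        [Parameter(Mandatory)] [hashtable] $Values,  # values read from the client's registry key
        [hashtable] $Environment = @{}               # variables used to expand %NAME% tokens
    )
    $modes    = @{ 0 = 'Disabled'; 1 = 'NTLM'; 2 = 'Kerberos' }
    $modeName = 'Unknown'
    $findings = @()
    $mode     = $Values['EnableSSO'] -as [int]

    if (-not $Values.ContainsKey('EnableSSO')) {
        $findings += 'EnableSSO is not set.'
    } elseif ($null -eq $mode -or -not $modes.ContainsKey($mode)) {
        $findings += "EnableSSO is '$($Values['EnableSSO'])'; expected 0, 1 or 2."
    } else {
        $modeName = $modes[$mode]
    }

    if ($modeName -eq 'Kerberos') {
        $findings += 'Kerberos selected: confirm the environment prerequisites are met.'
    }
    if ($modeName -eq 'NTLM') {
        # Expand %NAME% tokens, since the value is commonly defined with environment variables.
        $upn = [string]$Values['Username']
        foreach ($m in [regex]::Matches($upn, '%(\w+)%')) {
            $name = $m.Groups[1].Value
            if ($Environment.ContainsKey($name)) {
                $upn = $upn.Replace($m.Value, [string]$Environment[$name])
            }
        }
        if ([string]::IsNullOrWhiteSpace($upn)) {
            $findings += 'NTLM selected but Username is not configured.'
        } elseif ($upn -match '%\w+%') {
            $findings += "Username has an unresolved variable: $upn"
        } elseif ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
            $findings += "Username '$upn' is not in UPN format (user@domain)."
        }
    }
    [pscustomobject]@{ Mode = $modeName; Findings = $findings }
}

# Constructed sample values; the variable names and contents are assumptions.
$values = @{ EnableSSO = 1; Username = '%USERNAME%@%USERDNSDOMAIN%' }
Test-FileDirectorSsoConfig -Values $values -Environment @{ USERNAME = 'jdoe'; USERDNSDOMAIN = 'CORP.EXAMPLE.COM' }
Test-FileDirectorSsoConfig -Values $values -Environment @{ USERNAME = 'jdoe' }  # flags %USERDNSDOMAIN%
```

The first call returns mode NTLM with no findings; the second reports the unresolved variable, which is the case where the Username value would not reach the server in UPN format.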