This is not the latest version of Identity Director documentation.
View available documentation.

Configure Windows authentication

Microsoft recommends to use Windows authentication when you connect to a Microsoft SQL Server. This is more secure than SQL Server authentication.

  • Depending on the configuration of your database server, you can use Windows authentication on server-level or database-level. If you switch between authentication modes on server-level, other databases on this server will also be affected.
  • You can only use Windows authentication if all Identity Director components are member of a domain in the same AD forest or of a trusted domain (typically single-tenant sites). In an environment with disjointed AD connectivity (typically in multi-tenant sites), Windows authentication is not supported.
  • Windows authentication is not supported on Domain Controllers and on Microsoft Windows Small Business Server.

Transaction Engine

In addition, configure the Transaction Engine. The Transaction Engine service needs to run under the service account with access rights to the database. You need to configure this manually:

New installations:

  • For manual installations of the Transaction Engine, you can configure Windows Authentication settings in the installation wizard.
  • For unattended installations of the Transaction Engine, provide an empty value for the public property DBUSER.

Existing installations:

You can configure these settings by starting the configuration wizard of the Transaction Engine, using a (service) account with access rights to the database:
"%ProgramFiles%\RES Software\IT Store\Transaction Engine\resote.exe" /configdb

You can also do this silently with the following command line:
"%ProgramFiles%\RES Software\IT Store\Transaction Engine\resote.exe" /configdb /silent /dbtype=<dbtype> /dbserver=<server> /dbname=<database> /dbuser= /dbencryption=<yes/no>

Windows Authentication will only be used if the /dbuser argument has an empty value (... /dbuser= /dbencryption=no....). In this situation, the value of the /dbpassword argument will be ignored.

See also
  • Unattended installations