4.5 Integrated Windows Logon

If you set up the MyID server to use Integrated Windows Logon, the Self-Service App can use the user's currently logged-on Windows identity to authenticate to MyID, without the user having to enter passphrases or use a smart card.

Note: Integrated Windows Logon is available for tasks only – actions do not support Integrated Windows Logon.

To set up Integrated Windows Logon:

  1. In MyID Desktop, from the Configuration category, select Security Settings.

    1. On the Logon Mechanisms tab, make sure that Integrated Windows Logon is set to Yes.
    2. Click Save changes, then click Save to confirm your changes.
  2. From the Configuration category, select the Directory Management workflow and set up a configuration-only directory for MyID.

    1. Click New and enter a new name – this can be any value.
    2. Select the Retrieve Base DN option.

      MyID attempts to connect to the directory and, if successful, displays a list of possible DNs. Select one of the DNs from the list.

      In most cases, you must select the DN that begins with CN=Configuration.

    3. Click Save.

    See the Setting up a configuration-only directory section in the Administration Guide for more information.

  3. Edit the roles within MyID.

    1. From the Configuration category, select Edit Roles.
    2. Click the Logon Methods option, and select Windows Logon for each role you want to be able to log on with Integrated Windows Logon.
    3. Click OK.
    4. Click Save Changes.

Note: The fields SAMAccountName and Domain must be stored in MyID when using Integrated Windows Logon. The Domain field must contain the NetBIOS domain name, not the DNS-format domain name.
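
The following PowerShell sketch illustrates the note above by checking a set of user records for Domain values that are not in NetBIOS form and comparing them with a Windows identity. It is an added example, not part of MyID or its documentation: Test-IwlRecord is a hypothetical helper, the records are constructed sample data, and how you obtain the stored field values from MyID is not covered here.

```powershell
# Added example, not part of MyID. Test-IwlRecord is a hypothetical helper.
function Test-IwlRecord {
    param(
        [Parameter(Mandatory)] [string]   $WindowsIdentity,  # 'NETBIOSDOMAIN\user'
        [Parameter(Mandatory)] [object[]] $Records
    )
    # Windows reports the logged-on identity as NETBIOSDOMAIN\sAMAccountName.
    $netbios, $sam = $WindowsIdentity -split '\\', 2

    foreach ($r in $Records) {
        $problems = @()
        if ([string]::IsNullOrWhiteSpace($r.SAMAccountName)) {
            $problems += 'SAMAccountName is empty'
        }
        if ([string]::IsNullOrWhiteSpace($r.Domain)) {
            $problems += 'Domain is empty'
        } elseif ($r.Domain.Contains('.')) {
            $problems += 'Domain contains a dot: looks like DNS format'
        } elseif ($r.Domain.Length -gt 15) {
            $problems += 'Domain is longer than 15 characters (NetBIOS limit)'
        }
        [pscustomobject]@{
            SAMAccountName  = $r.SAMAccountName
            Domain          = $r.Domain
            # -eq on strings is case-insensitive in PowerShell.
            MatchesIdentity = ($r.Domain -eq $netbios) -and ($r.SAMAccountName -eq $sam)
            Problems        = $problems -join '; '
        }
    }
}

# Constructed sample records (not real accounts).
$records = @(
    [pscustomobject]@{ SAMAccountName = 'jsmith'; Domain = 'CORP' }
    [pscustomobject]@{ SAMAccountName = 'jsmith'; Domain = 'corp.example.com' }
    [pscustomobject]@{ SAMAccountName = '';       Domain = 'CORP' }
)

# On a domain-joined client, replace the literal with:
#   [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Test-IwlRecord -WindowsIdentity 'CORP\jsmith' -Records $records | Format-Table -AutoSize
```

Only the first sample record is both well formed and equal to the identity; the second carries the DNS-format domain that the note rules out, and the third has no SAMAccountName.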

You must also carry out additional configuration on the web services for Integrated Windows Logon; see the Configuring the MyID web services for Integrated Windows Logon section in the Web Service Architecture guide for details.