How to Enable Single Sign-On for App Controller
By default, App Controller prompts users to sign in by entering their Active Directory user name and password. The following procedures describe how to configure App Controller to sign users on automatically with their current Windows credentials.
To verify or change the authentication method
Open IIS Manager on the App Controller server.
Select the App Controller website.
Expand the website and select the /api node.
Click Authentication.
Enable Windows Integrated Authentication.
Disable Basic Authentication.
To turn on constrained delegation
Log on using an account that has OU Administrator privileges in Active Directory Domain Services. Ensure that this account is also granted the SeEnableDelegationPrivilege user right (for example, a domain administrator could run the command ntrights -u domain\user +r SeEnableDelegationPrivilege on a domain controller, where domain\user represents the domain and account name of the account).
In Active Directory Users and Computers, right-click the App Controller system and click Properties.
Click the Delegation tab.
Select the Trust this computer for delegation to specified services only option.
Select the Use any authentication protocol option.
Click Add and then do one of the following:
a. If the VMM management server is running under the Local System account, enter the name of the VMM management server and select HOST, and then click OK.
b. If the VMM management server is running under a domain account, enter the name of the domain account and select SCVMM, and then click OK.
Restart the App Controller management server.
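One way to check the result of the two procedures above from PowerShell (an added example, not part of the original instructions). The host names and the IIS site name are placeholders; the IIS part must run on the App Controller server, and the script needs the WebAdministration and ActiveDirectory modules.

```powershell
# Added verification example. All names below are placeholders, not values from the page.
Import-Module WebAdministration, ActiveDirectory

$AppControllerHost = 'APPCTRL01'       # placeholder: App Controller computer account
$VmmServer         = 'VMM01'           # placeholder: VMM management server short name
$SiteName          = 'AppController'   # placeholder: site name as shown in IIS Manager

# IIS: on the /api node, Windows authentication should be on and Basic off.
$authRoot = 'system.webServer/security/authentication'
foreach ($scheme in 'windowsAuthentication', 'basicAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$SiteName/api" -Filter "$authRoot/$scheme" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $scheme, $enabled
}

# AD: read the delegation settings of the App Controller computer account.
$c = Get-ADComputer -Identity $AppControllerHost -Properties `
    TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
$targets = @($c.'msDS-AllowedToDelegateTo')

# Flag any delegation target that is not a HOST/ or SCVMM/ SPN of the VMM server.
$unexpected = $targets | Where-Object {
    $class, $rest = $_ -split '/', 2
    $hostPart = ($rest -split '[:/]')[0]
    ($class -notin 'HOST', 'SCVMM') -or
    ($hostPart -ne $VmmServer -and $hostPart -notlike "$VmmServer.*")
}

[pscustomobject]@{
    # "specified services only" means unconstrained delegation stays off
    UnconstrainedDelegation = $c.TrustedForDelegation
    # "Use any authentication protocol" sets the protocol-transition flag
    ProtocolTransition      = $c.TrustedToAuthForDelegation
    DelegationTargets       = $targets -join ', '
    # Should be empty: delegation is limited to the VMM service
    UnexpectedTargets       = @($unexpected) -join ', '
}
```

After the procedure, UnconstrainedDelegation should be False, ProtocolTransition True, and UnexpectedTargets empty; anything else means the computer account can delegate more broadly than the steps intend.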