How to Enable Active Directory Automatic Passthrough Authentication to Work with ServiceDesk and Workflow on Windows 2008

Article:HOWTO53270  |  Created: 2011-06-03  |  Updated: 2014-03-25  |  Article URL http://www.symantec.com/docs/HOWTO53270
Article Type
How To




Issue

When opening Process Manager for ServiceDesk 7.1 or Workflow 7.1, with Active Directory login enabled, the expectation is that the user will automatically be logged in without having to provide credentials. In some cases this fails to accept the passthrough authentication and stops at the login screen. If the user types their credentials manually, however, the login works.

Environment

 ServiceDesk 7.1 or Workflow 7.1 installed on Windows 2008 Server.

Ensure that the following has been set up in ServiceDesk to enable automatic passthrough authentication to work:

  • The user is logging in through Internet Explorer to Process Manager. All non-IE browsers are not supported for automatic login, such as Firefox, Chrome, and Safari as these browsers do not perform automatic login using windows/AD credentials. 
  • Active Directory user accounts have been synced into Process Manager.
  • Active Directory Authentication has been enabled in Process Manager under the Admin menu > Portal > Master Settings > Process Manager Active Directory Settings.

Resolution

1. If ServiceDesk is being used, ensure that the ServiceDesk installation was performed using the following article. If installing Workflow 7.1 follow the applicable steps through step 46 on page 24.  If these instructions were not used for your installation, a reinstall using these instructions may be necessary.

Installing or Upgrading Servicedesk 7.0 MR2 to 7.1 - Using a Domain-based Service Account
http://www.symantec.com/docs/HOWTO49691 

2. For each workstation that will be using ServiceDesk, and on the ServiceDesk server itself, Internet Explorer must be set to passthrough the login name and password. The default is set only to do this when the site is Local Intranet. Add the ServiceDesk server to the Local Intranet to change this. This is in Tools > Internet Options > Security > Local Intranet > Sites > Advanced > Add the URL to this zone. Also,  on the Security tab, go to Local Intranet > Select Custom Level, scroll to the bottom and look under User Authentication > Automatic Logon only in Intranet Zone must be selected. After making changes, the browser will need to be closed and restarted. Note: These settings could be configured using a group policy.

No other configuration steps are needed other than ensuring the items in the Environment section and Resolution section of this article have been done. 

 

 





Article URL http://www.symantec.com/docs/HOWTO53270


Terms of use for this information are found in Legal Notices