Set up Windows authentication

The following summarizes the setup process for Windows Authentication.

  1. Enable Windows Authentication.

    For on-premise systems, Windows Authentication can be enabled during the Axiom Application Server installation. If it was not enabled during the installation, you can configure it later using either of the following options:

    • Use the Configure Authentication Methods page of the Axiom Software Manager.

    • Use a Save Type 4 report to modify the applicable system configuration settings (WindowsAuthEnabled and WindowsAuthAllowedDomains). For more information, see System configuration settings.

    When you enable Windows Authentication, you must specify the valid domains for authentication. You can specify multiple domains, separated by commas. You can also choose to enable Active Directory Synchronization if you want to import and synchronize users from Active Directory (for more information, see Set up Active Directory synchronization).

    For Axiom Cloud systems, Axiom Support will enable Windows Authentication for you as part of the system setup.

  2. Set up users in Security. Axiom users must be set up as follows to support Windows Authentication:

    • The user's Axiom login name must match their Windows login name.
    • The user's Authentication method must be set to Windows User. This is the default setting for new users if Windows Authentication is enabled for your installation.

    If users are imported from Active Directory, then they will automatically be created with the appropriate login name and authentication type.

Axiom Cloud systems have the following additional requirements:

  • Installation of the Cloud Integration Service is required to enable the Axiom Cloud system to communicate with your local Windows domain, to validate user credentials. For information on installing the Cloud Integration Service, see the Axiom Cloud Technical Guide and contact Axiom Support as needed.

  • A remote data connection must be created in Scheduler, with the option Use for authentication service enabled. For more information, see Managing remote data connections.

All users who are assigned to the Windows Authentication method will be authenticated based on their Windows credentials. This is the only way that these users can log in—they cannot log in using an internal Axiom password.

If you need to test the security settings of a Windows Authentication user, you can use the Log in as selected user feature to log in to Axiom as that user. For more information, see Testing user security.