Enabling Single Sign-on with Active Directory

 

Table of Contents

 

    Introduction
    Enabling Single Sign-on Using NTLMv1
    Contact Us

 

 

 

Introduction

 

If you have integrated SysAid with Microsoft Active Directory (AD) for user management and authentication, you can enable Single Sign-on (SSO) so that users are automatically logged into SysAid at the same time that they log into their computer. If you have not yet integrated SysAid with AD but would like to, please go here.

 

SysAid supports NTLM or Kerberos authentication when enabling Single Sign-on with Active Directory. The following help file explains how to set up this authentication.

 

Terms in orange are variables that you must replace with the appropriate values for your network.

 

Note: The contents of this page are only relevant for On-Premise accounts. Cloud customers can set up SSO through one SysAid's available Third Party Integrations.

 

 

 

 

Enabling Single Sign-on Using NTLMv1

 

To configure single sign-on using NTLM authentication for SysAid In-House Edition:

  1. Open the serverConf.xml file located at ...\SysAidServer\root\WEB-INF\conf.
  2. Search for the line with the tag <serverURL> and insert the following lines immediately below it (copy and paste from here):
  3.  

    <ntlmAuth>

    <ntlmParam>

    <ntlmParamName>jcifs.smb.client.domain</ntlmParamName>

    <ntlmParamValue>ACME</ntlmParamValue>

    </ntlmParam>

    <ntlmParam>

    <ntlmParamName>jcifs.http.domainController</ntlmParamName>

    <ntlmParamValue>DC1.acme.com</ntlmParamValue>

    </ntlmParam>

    <ntlmParam>

    <ntlmParamName>jcifs.smb.client.username</ntlmParamName>

    <ntlmParamValue>username_on_AD</ntlmParamValue>

    </ntlmParam>

    <ntlmParam>

    <ntlmParamName>jcifs.smb.client.password</ntlmParamName>

    <ntlmParamValue>password_of_the_above_username</ntlmParamValue>

    </ntlmParam>

    </ntlmAuth>

     

  4. Make sure to replace the following four variables. Replace:
  5. Save changes to serverConf.xml.
  6. Restart the SysAid Server service. SSO is now enabled throughout your network.

 

If SSO is still not enabled after following the above instructions, there is an additional change that must be made in the Domain Controller Security Settings for each of your computers. Open Local Policies\Security Options and then set the Network Security > LAN Manger Authentication Level to LM and NTLM responses. Test this change on one computer, and if it works, make this change for all of your computers using a group policy.

 

 

 

Contact Us

 

SysAid welcomes your questions and suggestions. We can be reached via phone and email:

Toll Free phone center (U.S): 800-686-7047

Tel (U.S): +1 617-231-0124

Fax (U.S): +1 617 507 2559

Tel (Israel): +972 3 533 3675

Fax (Israel): +972 3 761 7205

Email: helpdesk@sysaid.com

SysAid community: http://www.sysaid.com/Sysforums/forums/home.page

You can also view our full support page at http://www.sysaid.com/contact_support.htm.