Configure Single Sign-on Authentication on Windows

Before you configure Windows domain single sign-on authentication, make sure Sintelix is running on a Windows machine that belongs to the same domain as your users.

Projects created prior to configuring single sign-on authentication will not be accessible to users unless you enable the bulk synchronisation feature. This feature allows users to access older projects using single sign-on authentication by including username permission in addition to domain\username permission.

To configure Windows domain single sign-on authentication:

1. Go to the file: <Sintelix Database Directory>\external-users\user_repositories.xml

   To find the location of your Sintelix database folder, select the Status tab and find the System Configuration section. the location is displayed in the Main datastore location field.

2. Locate the <windowsLoginConfigurations> section in the user_repositories.xml file.
3. Make the changes you require to the code. Use the code below as a guide.

Example

<item>
    <domain>MYCOMPANY</domain>
    <adminGroups>
        <item>BUILTIN\Administrators</item>
    </adminGroups>
    <userGroups role="CONFIGURE">
        <item>BUILTIN\Administrators</item>
    </userGroups>
    <userGroups role="ANALYST">
        <item>NT AUTHORITY\Authenticated Users</item>
    </userGroups>
    <adminRoles></adminRoles>
    <userRoles role="CONFIGURE"></userRoles>
    <allAdmins>false</allAdmins>
    <allUsers role="CONFIGURE">false</allUsers>
</item>    

• domain : Windows domain for this entry must replicate the name as defined in the domain.
• adminGroups : a list of groups which, if the user belongs to one of them, the user gets administrator access.
• userGroups : a list of groups which, if the user belongs to one of them, the user gets the user access of the given role (defaults to CONFIGURE, can be declared multiple times with different roles, evaluated in order of occurrence).
• adminRoles : a list of roles which, if the user has one of them, the user gets administrator access.
• userRoles : a list of roles which, if the user has one of them, the user gets the user access of the given role (defaults to CONFIGURE, can be declared multiple times with different roles, evaluated in order of occurrence).
• allAdmins : overrides group/role search and gives all authenticated users administrator access.
• allUsers : overrides group/role search and gives all authenticated users the user access of the given role (defaults to CONFIGURE).