Introduction

This document describes how to configure Active Directory and Active Directory Federation Service (AD FS) Version 2.0 in order to enable it to use WIndows Authentication on MangoApps, which allows users to log in with their Microsoft Windows Logon and not be prompted for credentials.

 

Requirements

  • AD FS Version 2.0  installed and configured with MangoApps Domain as Relying Party Trust

Components Used

The information in this document is based on these software and hardware versions:

  • AD FS Version 2.0 (Hostname: openadfs.mangopulse.com)
  • MangoApps (Hostname: siddwopi.engageexpress.com)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

 

Configure

1) IIS Manager
Select Windows Authentication and click Advanced Settings under the right-pane. In Advanced Settings, uncheck Enable Kernel-mode authentication, make sure Extended Protection is Off, and click OK.

 

2) Ensure that AD FS Version 2.0 supports both the Kerberos protocol and the NT LAN Manager (NTLM) protocol because all Non-Windows clients cannot use Kerberos and rely on NTLM.
In the right-pane, select Providers and make sure Negotiate and NTLM are present under Enabled Providers:

 

 

3) Configure Browser:

Ensure that Internet Explorer  > Advanced > Enable Integrated Windows Authentication is checked.

 

4) Add AD FS URL under Security >Intranet zones > sites.

5) Add the MangoApps hostnames to Security >Trusted sites.

 

6) Ensure that  Internet Exporer  > security > Local Intranet > Security Settings > User Authentication – Logon is configured in order to use the logged-in credentials for intranet sites.

 

 

Troubleshooting ADFS:

  • If the windows authentication isn’t working please check the event log on ADFS side. It may give insight into the cause.
  • If the error (in the event log) happens to be “MSIS7102: Requested Authentication Method is not supported on the STS.” then please refer this article to update the ADFS configuration – https://social.technet.microsoft.com/Forums/en-US/5f77b787-03ca-458a-a3bd-d1ddb9ed6c4d/sp-initiated-saml-session-not-working-externally?forum=ADFS

 

(Visited 3,273 times, 1 visits today)