Windows (NTLM) authentication can be used concurrently with LDAP authentication. Windows authentication requires entering login credentials in the browser. During LDAP authentication, user’s password is checked on the Active Directory server. Both Windows (NTLM) and LDAP authentications trigger when the user clicks the “Log in as domain user” link (provided that the user account is synchronized with LDAP). Read more >>>
If the user attempts to log in to the system using the domain credentials, the following authentication algorithm is performed:
1.A user authentication check within the domain is performed.
2.If the domain username and the password are stored in a cookie, they will be retrieved from this cookie. Otherwise, a browser window will be displayed to enter the user credential.
Further steps depend on the user synchronization with the LDAP directory.
a.If the user is not synchronized with LDAP:
-
User authentication check is performed through the comparison of the username and the password from the cookie and the corresponding credentials of the bpm’online account. Thus, it is required to specify the same username and password that are used in the domain to enable Windows authentication for the users who are not synchronized with LDAP.
-
Based on the check results, if the data matches and the user account is licensed, the user authorization will be performed.
b.If the user is synchronized with LDAP:
-
The browser sends a request to the Active Directory service to authenticate the user.
-
The query returns the credentials of the current domain user that are compared with the username and the password details stored in the cookie.
-
If the data matches and the user account is licensed, the user authorization will be performed.
Note
User authentication is performed either for the users of the main application or for the self-service portal users. You can set the check order in the Web.config file of the loader application. Read more >>>
See also