Configure Windows Authentication

  1. Rename the windowsauth.settings.json.dist configuration file to windowsauth.settings.json.

  2. The windowsauth.settings.json file has two sections for assigning Windows users and Windows groups to the three Colectica roles. For Windows users, use the full AD name of the user. For groups, Microsoft highly recommends using the group's SID for performance reasons: Windows auth tokens include only the SIDs of groups, so using names can result in round trips to the AD server.

    Windows Users

    "WindowsUsers": {
      "ColecticaAdministratorRoles": [
        "DOMAIN\\User1",
        "DOMAIN\\User2"
      ],
      "ColecticaUserRoles": [],
      "ColecticaGuestRoles": []
    },
    

    Windows Groups

    "WindowsGroups": {
      "ColecticaAdministratorRoles": [
        "S-1-5-21-1004336348-1177238915-682003330-512",
        "S-1-5-21-1004336348-1177238915-682003330-1145"
      ],
      "ColecticaUserRoles": [],
      "ColecticaGuestRoles": []
    }
    
  3. Configure IIS authentication

    1. The Workflow Website will need to accept both Windows Authentication from web users and Anonymous Authentication for service-to-service communication.

    2. Select the Workflow Website IIS Site

      1. Enable Windows Authentication

      2. Enable Anonymous Authentication
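
For step 2, one way to look up the group SIDs and print a WindowsGroups fragment is the PowerShell below. It is an added example, not Colectica's own tooling; the group names are constructed placeholders, and it assumes a domain-joined machine that can resolve them.

```powershell
# Added example: resolve AD group names to SIDs for the WindowsGroups section.
# The group names are constructed placeholders; replace them with real groups.
$roleGroups = [ordered]@{
    ColecticaAdministratorRoles = @('DOMAIN\Colectica Admins')
    ColecticaUserRoles          = @('DOMAIN\Colectica Users')
    ColecticaGuestRoles         = @()
}

# Well-known SIDs that cover very large populations and rarely belong in a role.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Resolve-GroupSid {
    param([Parameter(Mandatory)][string]$Name)
    $account = [System.Security.Principal.NTAccount]::new($Name)
    # Translate throws IdentityNotMappedException if the name cannot be resolved,
    # so a typo in a group name stops the script instead of producing a bad entry.
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

$windowsGroups = [ordered]@{}
foreach ($role in $roleGroups.Keys) {
    $sids = @()
    foreach ($name in $roleGroups[$role]) {
        $sid = Resolve-GroupSid -Name $name
        if ($broadSids.ContainsKey($sid)) {
            Write-Warning "$role includes $($broadSids[$sid]) ($sid)"
        } elseif ($sid -match '^S-1-5-21-.*-513$') {
            # RID 513 is the domain's Domain Users group.
            Write-Warning "$role includes Domain Users ($sid)"
        }
        $sids += $sid
    }
    $windowsGroups[$role] = $sids
}

# Prints the section wrapped in an outer object; copy the "WindowsGroups" member
# into windowsauth.settings.json.
[ordered]@{ WindowsGroups = $windowsGroups } | ConvertTo-Json -Depth 3
```

The warnings flag roles that would be granted to every domain or local user; review those entries before copying the output into the settings file.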