Using Windows integrated authentication with CodeSign Protect clients
You can set up Windows authentication so that users are automatically logged in and can access CodeSign Protect features once they have logged in to Windows. Users do not need to authenticate separately to CodeSign Protect if they have already logged in and have access on a Windows machine running the CodeSign Protect client.
Windows integrated authentication can be used for logging in to CodeSign Protect when your IIS server runs on a corporate network that is using Microsoft Active Directory service domain identities or other Windows accounts to identify users.
Prerequisites
- Active Directory Identity Connector should be set up in Venafi Configuration Console.
- The Windows server that Trust Protection Platform is installed on and hosts the Web Console needs to be a member of the Active Directory Forest that you want to support for Windows Integrated Authentication.
- Windows Authentication must be installed as a role service of the web server role on the Windows machine.
To install Windows Authentication role services
- In Windows, click Start, and then click Administrative Tools, and then click Server Manager.
- In Server Manager, click the Manage menu, and then click Add Roles and Features.
- In the Add Roles and Features wizard, click Next.
- Select the installation type and click Next.
- Select the destination server and click Next.
- On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Windows Authentication.
- Click Next.
- On the Select features page, click Next.
- On the Confirm installation selections page, click Install.
- On the Results page, click Close.
To change the authentication mode to Windows
- Open the Internet Information Services (IIS) Manager.
- In the Connections pane, navigate to the Venafi server.
- Select VEDAuth.
- Under Management, click Configuration Editor.
- In the Configuration Editor Window, in the Section drop-down, make sure system.web/authentication is selected.
- In the Deepest Path group, Forms node, mode entry, use the drop-down to change the mode from None to Windows.
- Click Apply.
To enable Windows integrated authentication settings for CodeSign Protect
- Open the Internet Information Services (IIS) Manager.
- In the Connections pane, navigate to the Venafi server, then select VEDAuth.
- Under IIS, click Authentication.
- Set Anonymous Authentication and Windows Authentication to Enabled.
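The three procedures above can be verified from an elevated PowerShell session with a read-only check. This script is an added example, not part of the Venafi documentation; it assumes VEDAuth is an application under the IIS site named by the hypothetical -SiteName parameter, whose default value is only a guess.

```powershell
param(
    # Assumption: the IIS site that hosts the VEDAuth application. Change to match your server.
    [string]$SiteName = 'Default Web Site'
)

Import-Module ServerManager, WebAdministration

$appPath = "IIS:\Sites\$SiteName\VEDAuth"
if (-not (Test-Path $appPath)) {
    throw "VEDAuth application not found at '$appPath'. Pass -SiteName for the Venafi site."
}

function Get-ConfigValue {
    param([string]$Filter, [string]$Name)
    $raw = Get-WebConfigurationProperty -PSPath $appPath -Filter $Filter -Name $Name
    # The cmdlet returns either a plain value or an object exposing .Value; handle both.
    if ($null -ne $raw.PSObject.Properties['Value']) { $raw.Value } else { $raw }
}

$auth    = 'system.webServer/security/authentication'
$feature = Get-WindowsFeature -Name Web-Windows-Auth

# Expected values are the ones the steps above set.
$checks = @(
    @{ Setting  = 'Windows Authentication role service installed'; Expected = 'True'
       Actual   = [string]$feature.Installed },
    @{ Setting  = 'system.web/authentication mode'; Expected = 'Windows'
       Actual   = [string](Get-ConfigValue 'system.web/authentication' 'mode') },
    @{ Setting  = 'Anonymous Authentication enabled'; Expected = 'True'
       Actual   = [string](Get-ConfigValue "$auth/anonymousAuthentication" 'enabled') },
    @{ Setting  = 'Windows Authentication enabled'; Expected = 'True'
       Actual   = [string](Get-ConfigValue "$auth/windowsAuthentication" 'enabled') }
)

$report = foreach ($c in $checks) {
    [pscustomobject]@{
        Setting  = $c.Setting
        Expected = $c.Expected
        Actual   = $c.Actual
        Pass     = ($c.Actual -eq $c.Expected)
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled job or pipeline flag configuration drift.
if ($report.Pass -contains $false) { exit 1 }
```

The script changes nothing on the server; it only reports whether the current settings match the ones configured in the steps above.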
How users use Windows integrated authentication for CodeSign Protect logins
After setting up Windows integrated authentication, users can choose to log in with Windows credentials by checking the checkbox labeled Autologon using Windows credentials.