|
Integrated Windows Authentication
iMaint works with Integrated Windows Authentication (IWA), using the security features of Windows clients and servers. You may enable this feature in the System Administration Tool and then set up individual user profiles within iMaint to use their Windows login credentials.
You will need to make sure the iMaint Application Server is connected to the correct domain. iMaint will need to verify the user is on the same domain, which means the Admin creating or editing iMaint user profiles will also need to be connected to the domain. Before you enable IWA, think about your network setup and the following example scenarios.
|
If you have... |
|
|
Multiple end users on public computers. (ex. Mike and Jay share a computer.) |
Do not enable IWA for any users because you may want to make users log into iMaint on public computers. Transactions have the correct user associated with it, based on login credentials. OR Enable IWA in the System Administrator Tool, and only set up specific user profile to use IWA. Note: Make sure the users who have IWA enabled log off iMaint and not just close the application. They must also completely log off the PC too, so that another user with IWA enabled does not open iMaint under the previous users credentials. |
|
One computer per each user. (ex. Mike has his own computer.) |
Enable IWA, users will be able log into their own pc and launch iMaint. Next login, iMaint will use their Windows credentials and skip the iMaint login window altogether. |
Different Network Domains
If you are working in a multi-domain environment, it is difficult to list all the possible variations in configurations that can take place. Just remember, new Windows Authenticated users must be created from the same domain as the iMaint Application Server. And you must ensure, if the user being created is on another domain, that domain must trust the iMaint Application Server domain. In other words, if the iMaint Application Server is on domain ‘AA1_Inc’ and you want to create a WA User on domain ‘AA2_Inc’ (e.g. AA2_Inc\bobjones) then you must be logged into a computer on ‘AA1_Inc’ AND domain ‘AA2_Inc’ must trust domain ‘AA1_Inc’.
Integrated Windows Authentication Setup
First, open the Server Administration Tool and navigate to the bottom of the Configuration tab. Check the box to Use Windows Authentication. This tells iMaint this specific server is enabled for Windows Authentication.
Now you must set up the individual users for Windows Authentication. Create or edit individual user profiles to enable their ability to use Windows Authentication. Make sure you are connected to the same network domain as the users profiles you will be editing, iMaint will need to verify the "domain\user name" for each profile. Highlight the User ID, check the box for Windows Authenticated User and supply the Domain\ Windows User Name.
Using Integrated Windows Authentication Tips
You will need to log into iMaint for the first initial time, using the Domain\Windows User Account, Password. Also on the very first log in attempt, users must enter a server name on the log in window (if one is not automatically filled in). This information is necessary before iMaint can determine if this server has Windows Integrated Authentication turned on, and you are a valid Windows User. iMaint will then retain this information and when you log into your client device, and you may skip the iMaint login process. The same can be done for remote users, just remember you will need to log into iMaint on the remote device with your Windows User Account, so that iMaint can verify and retain the information.
Once enabled, iMaint will process the login credentials when the user tries to access iMaint. iMaint will check the User Profile Setting and the Server setting to make sure both are enabled and send you directly to the iMaint Navigation Tree.
If the user is IWA enabled and wants to login as another user, they must log off. Users cannot simply close the application, they must use the log off feature. This will force the login window to appear for the next user who tries to launch iMaint. Navigate to the Main iMaint Menu, under the File toolbar, select Log Off.