Domain authentication

This topic describes the use of domain authentication.

For domain authentication, users authenticate against Microsoft Active Directory. When a user attempts to authenticate, the reports client asks for a user name, domain, and password and passes that information to the reports server. The reports server relays that information to the Authentication Service, which delegates user authentication to the Active Directory domain controller. The Active Directory registry stores the names and passwords of registered users within its Kerberos realm (On Microsoft Windows, a Kerberos realm is an Active Directory domain.) If the domain controller successfully authenticates the user, then the user is authenticated and granted a session credential.

To implement domain authentication, you can use the following approaches:

• The most secure approach instructs the 
  Warning

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  Authentication Server to refresh session credentials by consulting Active Directory. This approach requires more initial configuration. To set this up, you must perform both of the following master procedures in the mentioned order:
  1. Registering-an-Authentication-Service-in-an-Active-Directory-domain
  2. Configuring-for-domain-authentication
• A less secure approach allows the 
  Warning

  The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  Authentication Server to refresh session credentials without consulting Active Directory. Instead, the Authentication Service only checks that users exist and are enabled in role-based access control (RBAC) system. This approach requires less configuration. If you want to use this approach, you must perform the master procedure described in Configuring-for-domain-authentication.