Single Sign-On

This section lets you configure Single Sign-On (SSO), which allows users who are already authenticated with their Windows domain to log in to AD360 automatically.

To enable single sign-on for multiple components and domains, follow the steps listed below:


To modify existing single sign-on settings,

To identify the DNS Server IP address:

  • Open Command Prompt from a machine belonging to the domain that you have selected

  • Type ipconfig /all and press Enter

  • Use the first IP address displayed under DNS Server

 

To identify the DNS Site:

  • Open Active Directory Sites and Services in Active Directory

  • Expand Sites and identify the site in which the domain controller configured under the selected domain appears

  • Use the Site name for DNS Site

See the images below for reference.




[Image: DNS Server IP address]

[Image: DNS Site]



Troubleshooting steps for SSO:

I. Change browser settings to allow Single Sign-On

Trusted sites are the sites with which NTLM authentication can occur seamlessly. If SSO has failed, then the most probable cause is that the AD360 URL isn't a part of your browser's trusted sites. Kindly add the AD360 URL in the trusted sites list. Follow the steps given below:

  1. Internet Explorer
  2. Chrome
  3. Firefox
Note:
  1. It is recommended that you close all browser sessions after adding the URL to the trusted sites list for the changes to take effect.

  2. Google Chrome and Internet Explorer use the same internet settings. Changing the settings in either Internet Explorer or Chrome will enable NTLM SSO in both browsers. It is again recommended that you close both browser sessions for the changes to take effect.

Internet Explorer

  1. Open Internet Explorer and click the Tools button.

  2. Click Internet options.

  3. In the Internet options dialog box that opens, click the Security tab, and then click a security zone (Local intranet, Trusted sites, or Restricted sites).

  4. Click Sites.

  5. If you are using IE 11, click the Advanced button and add the AD360 site to the list of intranet sites.

  6. If you are using versions lower than IE 11, add the AD360 site to the list of intranet sites.

  7. Click Close, and then click OK.

  8. Close all browser sessions and reopen your browser.


Chrome

  1. Open Chrome and click the Customize and control Google Chrome icon (3 horizontal lines icon on the far right of the Address bar).

  2. Click Settings, scroll to the bottom and click the Show advanced settings link.

  3. Under the Network section, click Change proxy settings.

  4. In the Internet Properties dialog box that opens, navigate to the Security tab → Local Intranet, and then click Sites.

  5. Click Advanced and add the URL of AD360 to the list of intranet sites.

  6. Click Close, and then OK.

  7. Close all browser sessions and reopen your browser.



Firefox

  1. Open Firefox web browser and type about:config in the address bar.

  2. Click I'll be careful, I promise in the warning window.

  3. In the Search field, type: network.automatic-ntlm-auth.trusted-uris.

  4. Double-click the "network.automatic-ntlm-auth.trusted-uris" preference and type the URL of AD360 in the prompt box. If there are sites already listed, type a comma and then the URL of AD360. Click OK to save the changes.

  5. Close all browser sessions and reopen your browser.
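
The comma-separated edit from step 4 of the Firefox procedure, as an added example that is not part of the AD360 documentation: it reduces the AD360 URL to its origin, appends it only if it is not already listed, and returns any existing entry that is not a full http(s) origin so it can be reviewed before Firefox is allowed to send NTLM credentials to it automatically. The host names are constructed placeholders, and writing the result as a user.js line is this example's choice.

```javascript
// Added example. Host names below are constructed placeholders.
const PREF = "network.automatic-ntlm-auth.trusted-uris";

// Reduce a URL to scheme://host[:port]; paths and fragments are dropped,
// non-http(s) schemes and embedded credentials are rejected.
function toOrigin(raw) {
  const u = new URL(raw.trim()); // throws TypeError on malformed input
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`unsupported scheme: ${u.protocol}`);
  }
  if (u.username || u.password) throw new Error("URL must not embed credentials");
  return u.origin; // host lower-cased, default port omitted
}

// Append the AD360 origin to the current comma-separated value, skipping duplicates.
// Existing entries are kept verbatim; any that is not a full http(s) origin is
// returned in `review` so an administrator can confirm it is intended.
function mergeTrustedUri(current, ad360Url) {
  const wanted = toOrigin(ad360Url);
  const entries = [];
  const review = [];
  const seen = new Set();
  for (const part of (current || "").split(",")) {
    const entry = part.trim();
    if (!entry) continue; // stray commas
    let key;
    try {
      key = toOrigin(entry);
    } catch {
      key = entry.toLowerCase();
      review.push(entry);
    }
    if (seen.has(key)) continue;
    seen.add(key);
    entries.push(entry);
  }
  if (!seen.has(wanted)) entries.push(wanted);
  return { value: entries.join(","), review };
}

// Render the result as a user.js line for the Firefox profile.
function userPrefLine(value) {
  return `user_pref(${JSON.stringify(PREF)}, ${JSON.stringify(value)});`;
}

const demo = mergeTrustedUri("https://wiki.example.com, intranet.example.com",
                             "https://AD360.example.com:8443/#/login");
console.log(userPrefLine(demo.value), "review:", demo.review);
```
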


II. Check the computer account configuration

Status: Error in Creating Computer Account


Error Message


This error can be due to any of the reasons listed below:

  1. Invalid domain credentials in AD360

     This could happen when the credentials of the user account specified in the domain settings section of AD360 have expired. To update the credentials and synchronize them with AD360, follow these steps:

  2. Domain controllers are not accessible from AD360

     When AD360 cannot reach the specified domain controllers (DCs), the above error might occur. You must add another DC that it can access. To do this:

  3. Non-conformance to password policy

     When the password of the automatically created computer accounts for NTLM authentication does not meet the domain password policy settings, this error occurs. To resolve this issue, you need to create a computer account manually, with a password in accordance with the domain policy settings. To accomplish this, follow the steps given below: