Pass-through authentication (Single Sign-on) lets you authenticate to OpManager automatically using the username and password of your currently logged-in Windows session. You do not need to manually enter your Windows credentials to log in to the OpManager webclient.
Active Directory authentication must already be configured in OpManager for the domain in which you want to enable Pass-through Authentication. Click here to know how to add a domain under Active Directory authentication in OpManager.
User accounts for which you want to enable pass-through must already be available in OpManager. Click here to know how you can add new users.
Note: Pass-through authentication works only for Active Directory users that have already been added to OpManager. If you do not want to manually create a user account for every user in your domain, enable auto-login for the domain (Admin → User Manager → Windows Domains). Once auto-login is enabled, you have to manually enter the username and password of your account only during the first login, and a user account in OpManager will be created automatically. From then on, you can work without entering your credentials manually.
A computer account must be created in the Domain Controller so that OpManager can access the NETLOGON service in the domain. Click here to know how you can create a new computer account.
Note: After version 124085, new computer accounts can be created from the Passthrough configuration window itself, if the OpManager service is running under a user who has administrative privileges. Also, if the OpManager server has been started from Command Prompt, make sure it is being run as an administrator.
The OpManager webserver must be added as a trusted site in every browser you are going to use to access the OpManager webclient, to prevent the browsers from opening unnecessary popups asking for your credentials.
To configure trusted sites, follow these steps:
Internet Explorer: Open Tools > Internet Options > Security > Local Intranet > Sites > Advanced. Enter the OpManager server URL and click Add.
Firefox: In the URL box, enter about:config. Click the button "I'll be careful. I promise" if a warning page is displayed. In the resulting page, search for ntlm. Double-click the option network.automatic-ntlm-auth.trusted-uris. Enter the OpManager server URL in the text box and click OK. (Multiple site entries can be entered, separated by commas.)
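An added example, not part of the OpManager documentation: a Python check of the Firefox setting described above. It reads network.automatic-ntlm-auth.trusted-uris from the text of a profile's prefs.js, confirms the OpManager URL is listed, and flags entries that hand out automatic NTLM authentication more widely than intended. The host opmanager.example.com:8060, the sample prefs content and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

PREF = "network.automatic-ntlm-auth.trusted-uris"

# Constructed prefs.js content; opmanager.example.com:8060 is a placeholder host.
SAMPLE_PREFS = '''
user_pref("browser.startup.page", 3);
user_pref("network.automatic-ntlm-auth.trusted-uris", "https://opmanager.example.com:8060, https://, http://wiki.example.com");
'''

def read_trusted_uris(prefs_text):
    """Return the comma-separated entries of the NTLM trusted-uris pref."""
    pattern = r'user_pref\("%s",\s*"([^"]*)"\);' % re.escape(PREF)
    match = re.search(pattern, prefs_text)
    if not match:
        return []  # pref not set: no site receives automatic NTLM
    return [e.strip() for e in match.group(1).split(",") if e.strip()]

def audit_entry(entry):
    """Return findings for one entry; an empty list means nothing to report."""
    findings = []
    # Entries may be bare hosts; prefix "//" so urlsplit parses them as hosts.
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    if not parts.hostname:
        # A scheme-only entry such as "https://" names no host at all.
        findings.append("no host: matches every site on this scheme")
    if parts.scheme == "http":
        findings.append("plain http: NTLM exchange is not protected by TLS")
    return findings

def audit(prefs_text, required_url):
    """Check that required_url is listed and collect entries with findings."""
    entries = read_trusted_uris(prefs_text)
    findings = {e: audit_entry(e) for e in entries}
    return {
        "required_present": required_url in entries,
        "findings": {e: f for e, f in findings.items() if f},
    }

if __name__ == "__main__":
    result = audit(SAMPLE_PREFS, "https://opmanager.example.com:8060")
    print("OpManager URL listed:", result["required_present"])
    for entry, notes in result["findings"].items():
        print(entry, "->", "; ".join(notes))
```

To run it against a real profile, pass the contents of that profile's prefs.js and the OpManager server URL exactly as it was entered in about:config.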
After all the prerequisites have been ensured, follow the steps below to auto-configure Passthrough Authentication in OpManager:
Note: If there are any issues in fetching the necessary details, or if you're on a version of OpManager earlier than 124085, you will have to configure these settings manually.
To manually configure Passthrough authentication, you'll need the following details:
On the Domain Controller device, open Start → Administrative Tools → Active Directory Users and Computers.
Open Command Prompt on the OpManager server. Run the command "ipconfig /all". The first IP address listed in the DNS Servers field is the primary DNS server IP address.
On the Domain Controller device, open Start → Administrative Tools → Active Directory Sites and Services. The site under which your Domain Controller device name is listed is your site name. You can leave the DNS Site field empty in the Pass-through configuration form in OpManager if there is only one site present in your Domain Controller.
To create a new computer account, follow the steps below:
cscript NewComputerAccount.vbs account_name /p password /d domain_name
cscript SetComputerPass.vbs account_name /p password /d domain_name
Note: The length of the computer account name must be less than or equal to 15 characters.
In the OpManager webclient, click Settings → Basic Settings → User Management → Pass-through. Use the radio buttons to Enable/Disable Passthrough Authentication.
If you face any issue with Pass-through Authentication, contact support with a ZIP file of the logs present under the OpManager_Home\logs folder.