Single Sign-On (SSO) - Active Directory (On-prem)

Modified on Fri, 23 Jan at 7:46 PM

Overview

ManagementStudio supports Single Sign-On (SSO), enabling users to authenticate using their organisation’s credentials from identity providers such as Microsoft Active Directory. This article covers configuring Windows Authentication (on-premises Active Directory SSO) for ManagementStudio. For SSO using Azure Entra ID, refer to How to enable Azure Authentication.

Supported authentication methods:

  • ManagementStudio Authentication (local accounts)
  • Windows Authentication (on-premises Active Directory SSO)
  • Azure Authentication (Azure Entra ID SSO)


Enabling Windows Authentication for an Existing User

The ManagementStudio IIS server must be joined to the same Active Directory domain as the intended users.

To enable Windows Authentication for an existing user:

  1. Log in with an account belonging to the Project Admin Role Group or an account with permissions to manage user accounts and role groups.
  2. Navigate to Administration > User Accounts.
  3. Select the user account to update in the grid, right-click, and select Edit User Details.


In the New/Edit User Account window:

  • Set User Name to the user's SAM account name.
  • Set Domain (SSO) to the Active Directory domain name.
  • Click Update User to save changes.


Logging in with Windows Authentication

  1. At the ManagementStudio sign-in screen, select the Windows Authentication option.
  2. Optionally, enable Auto Login.
  3. Click Windows Sign In to log in using Active Directory credentials.


Creating Users in ManagementStudio via Active Directory Groups

ManagementStudio can manage user access via Active Directory (AD) groups. Adding or removing users from AD groups controls their access rights within the platform.

Steps

  1. In the Active Directory Users and Computers console:
    • Select the target container.
    • Click Action > New > Group to create a new AD group.
    • Add users to the group as required. To inherit permissions from multiple Role Groups, add users to multiple AD groups accordingly.
    • Ensure each user has a unique email address associated with their account.

  2. In ManagementStudio:
    • Navigate to Administration > Role Groups.
    • To create a new Role Group:
      • Click Click here to add new item.
      • Enter:
        • Role Group Name: An internal name (e.g., MS Packagers).
        • Description: Purpose of the role group.
        • AD Group: The name of the AD group that will control access to this Role Group.
        • AD/Az Acc Src: Set to enabled/checked.
      • Configure required permissions. For details, refer to Role Groups Overview.
      • Click Save Changes.
    • To update an existing Role Group, edit the AD Group field as required and save changes.

  3. Navigate to Administration > User Accounts.
  4. In the toolbar, click Sync AD Group-Roles to start user and role synchronisation.

The AD Sync Report window will display progress, including creation of any new user accounts. Once complete, new accounts will appear in the user grid and be assigned to the relevant Role Groups.

ManagementStudio automatically synchronises AD group memberships every hour by default.
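
The unique email address requirement in step 1 can be checked before a sync. The following PowerShell is an added example, not part of ManagementStudio or its documentation; the function name Test-GroupMemberEmail, the group name 'MS-Packagers' and the sample accounts are assumptions made up for illustration.

```powershell
# Added example: report AD group members whose mail attribute is missing or
# shared with another account. Input objects need SamAccountName and mail
# properties (as returned by Get-ADUser -Properties mail).
function Test-GroupMemberEmail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$User
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($u in $User) { $all.Add($u) } }
    end {
        # Members with no email address set
        $all | Where-Object { [string]::IsNullOrWhiteSpace($_.mail) } | ForEach-Object {
            [pscustomobject]@{ SamAccountName = $_.SamAccountName; Mail = $null; Issue = 'MissingEmail' }
        }
        # Addresses used by more than one account (compared trimmed and case-insensitively)
        $all | Where-Object { -not [string]::IsNullOrWhiteSpace($_.mail) } |
            Group-Object { $_.mail.Trim().ToLowerInvariant() } |
            Where-Object Count -gt 1 |
            ForEach-Object {
                foreach ($m in $_.Group) {
                    [pscustomobject]@{ SamAccountName = $m.SamAccountName; Mail = $_.Name; Issue = 'DuplicateEmail' }
                }
            }
    }
}

# Constructed sample data (not real accounts) so the check runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith';     mail = 'a.smith@example.com' }
    [pscustomobject]@{ SamAccountName = 'bjones';     mail = 'B.Jones@example.com' }
    [pscustomobject]@{ SamAccountName = 'bjones-adm'; mail = 'b.jones@example.com' }
    [pscustomobject]@{ SamAccountName = 'svc-pack';   mail = $null }
)
$sample | Test-GroupMemberEmail | Format-Table -AutoSize

# Against a live domain (needs the RSAT ActiveDirectory module; group name is a placeholder):
# Get-ADGroupMember -Identity 'MS-Packagers' |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties mail |
#     Test-GroupMemberEmail
```

An empty result means every member has an address and no two members share one.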

Further Support

For further assistance, visit the ManagementStudio Service Desk to search the knowledge base or submit a support ticket.
