Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Single Sign-On (SSO) - Active Directory (On-prem)

            Modified on Tue, 11 Nov at 5:52 PM

            TABLE OF CONTENTS



            Introduction

            Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. ManagementStudio's SSO allows users to login using their company credentials, it works well with enterprise identity management platforms such as Microsoft Active Directory. In addition, the Single Sign-On (SSO) authentication allows users to automatically login to ManagementStudio using either its built-in authentication method or from an approved SSO technology.


            The ManagementStudio client supports three authentication methods:

            • ManagementStudio Authentication (local application accounts)
            • Windows Authentication (on-premises Active Directory SSO)
            • Azure Authentication (Azure Entra ID SSO)


            This document discusses concepts to enable Windows Authentication SSO in ManagementStudio.  For SSO via Entra ID, please refer to our Solution Article on enabling SSO via Azure.

             



            Enabling Windows Authentication For An Existing User

            The ManagementStudio IIS server must be joined to the same domain as the users.


            • Log in to ManagementStudio using an account that is a member of the 'Project Admin' Role Group, or has permissions to manage User Accounts and Role Groups.
            • Switch to Administration > User Accounts (#1 in the image below).
            • Select the user account to update from the grid, right-click and choose Edit User Details (#2 below) 



            This will launch the 'New/Edit User Account' window.  Enter or update the following details:

            • User Name: This should be the user's SAM account (#1 below)
            • Domain (SSO): The Active Directory domain name (#2)


            Click Update User (#3) to save the changes.



             

            Log in using Windows Authentication

            • Upon the next login into ManagementStudio, ensure the Windows Authentication option (#1) is selected.
            • Optionally, enable Auto Login for convenience (#2).
            • Click Windows Sign In (#3).



            Creating Users in ManagementStudio via AD Groups

            User access to ManagementStudio can be controlled by Active Directory groups, enabling organisations to allocate or revoke platform access by group membership.  This is often the preferred approach for enterprise customers.


            • Open the 'Active Directory Users and Computers' console.
            • In the navigation pane, select the container in which you want to store your group.
            • Click Action, click New, and then click Group.
            • Create the AD Group (1).
            • Add in the Users to the group (2). Note that if a user need the rights from multiple Role Groups, they should be added to all the corresponding AD groups.
            The users must have a unique email address associated to their account



            • Switch to ManagementStudio.
            • Click Administration > Role Groups (#1 below).
            • To create a new Role Group, click on Click here to add new item (#2) and enter the following details:
              • Role Group Name (#3): An internal name for the Role Group, for example, MS Packagers.
              • Description (#4)Further details about the purpose of the role group.
              • AD Group (#5): The name of the AD Group that will govern access to this Role Group.
              • AD/Az Acc Src (#6): Enabled/Checked
              • Specify the permissions for the new role group. Please refer to this article for more information on Role groups.
            • To update an existing Role Group, update the AD Group column (#5) for the corresponding Role Group.
            • Click Save Changes (#7).



            • Switch to Administration > User Accounts (#1 below).
            • Click Sync AD Group-Roles button within the toolbar menu (#2).


            The AD Sync Report window will display a summary of the progress, including new user accounts that were created.  Dismiss the window, the account will be visible in the grid and added to the specified Role Group.


            By default, ManagementStudio will synchronise group membership with AD once an hour.


            Further Support

            If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0