Single Sign-On (SSO) - Active Directory (On-prem)

Modified on Tue, 19 Nov at 3:09 PM

Introduction

See here for Single Sign-On (SSO) with Azure/Entra ID.


Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. ManagementStudio's SSO allows users to log in using their company credentials and works well with enterprise identity management platforms such as Microsoft Active Directory. SSO authentication allows users to log in to ManagementStudio automatically, using either its built-in authentication method or an approved Windows domain.


By default, the user will be presented with the below login screen with the following options:

  • ManagementStudio Authentication
  • Windows Authentication (AD)




 

Enabling SSO Authentication (Windows)

NB – The IIS server must belong to the same domain as the users.

  • Switch to Administration -> MS User Accounts (1).
  • Specify the Domain against the user record (2).

 



 

How to Specify the Domain

  • Highlight the User account on the grid, right click and select Edit User Details from the context menu.

 


  • Enter the Domain details (1).
  • Enter the AD SID of the User found in AD Domain (2).
  • Click Update User (3).

 

Logging In via Windows Authentication

  • At the next login to ManagementStudio, ensure the Windows Authentication method (1) is selected.
  • Ensure the Auto Login checkbox is enabled (2).
  • Click Sign in (3).

 


Creating Users in ManagementStudio via AD Groups

  • Open the Active Directory Users and Computers console.
  • In the navigation pane, select the container in which you want to store your group.
  • Click Action, click New, and then click Group.
  • Create the AD Group (1).
  • Add the Users to the group (2). Note that if a user needs the rights from multiple Role Groups, they should be added to all the corresponding AD groups.
The users must have a unique email address associated with their account.





  • Switch to ManagementStudio.
  • Click Administration -> Role Groups (1).
  • Click on Click here to add new item (2) to create a new Role group or amend the details of an existing role group. Please refer to this article for more info on Role groups.
  • Specify the permissions for the new role group.
  • Enter the Name of the AD Group (3) within the AD group column.
  • Ensure the AD User Source (4) checkbox is ticked. This ensures that any user in the AD group will be created/updated in ManagementStudio.
  • Click Save Changes (5).




  • Switch to Administration -> MS User Accounts.
  • Click Sync AD Group-Roles button within the toolbar menu.
  • The AD Sync Report window will display with what has been completed (1).
  • Click OK (2) to close the window.


The Sync ManagementStudio Accounts from AD groups is set to run once an hour by default.




  • The new account should now be visible on the grid and added to the specified role group in ManagementStudio.
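
A pre-sync check for the AD side of the procedure above, added here as an example (it is not ManagementStudio's own tooling): it lists the direct user members of an AD group with the SID needed for the AD SID field and flags members whose email address is missing or duplicated. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the group name are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit an AD group before it is linked to a Role Group and synced.

function Get-GroupSyncAudit {
    param(
        [Parameter(Mandatory)]
        [string]$GroupName
    )

    # Direct user members only. How the sync treats nested groups is not stated
    # on this page, so nested groups are not expanded here.
    $users = @(Get-ADGroupMember -Identity $GroupName |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties mail)

    # Addresses used by more than one member (Group-Object compares
    # case-insensitively by default). Uniqueness is checked within this
    # group only, not across the whole directory.
    $duplicates = @($users |
        Where-Object { $_.mail } |
        Group-Object -Property mail |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Name })

    foreach ($u in $users) {
        $issue = ''
        if (-not $u.mail) { $issue = 'missing email' }
        elseif ($duplicates -contains $u.mail) { $issue = 'duplicate email' }

        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            SID            = $u.SID.Value   # value for the AD SID field
            Mail           = $u.mail
            Issue          = $issue
        }
    }
}

# Placeholder group name: replace with the AD group entered against the Role Group.
$GroupName = 'MS-Role-Example'
$audit = Get-GroupSyncAudit -GroupName $GroupName
$audit | Format-Table -AutoSize

# Members that need fixing in AD before the group is synced.
$audit | Where-Object { $_.Issue } | Format-Table -AutoSize
```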




Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.