Administration
ETV Portal Server Administrator Guide 39
Using Single Sign-On
If the LDAP server is Microsoft Active Directory, you can select Integrated Windows
Authentication to enable "single sign-on." This means that once you log in to your local
network with your assigned credentials, you can open ETV Portal Server without re-entering
your login credentials. ETV Portal Server uses your assigned credentials to authenticate and
authorize your defined permissions within the application. When configuring for Integrated
Windows Authentication, keep the following points in mind:
• Integrated Windows Authentication is only valid when using LDAP Authentication with
  Microsoft Active Directory. ETV Portal Server enforces this as a business rule.
• Integrated Windows Authentication only works seamlessly with Microsoft Internet
  Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
  will get a popup login window only if you have not previously logged in to the network.
• When using Integrated Windows Authentication, all single-sign-on users must have an
  Active Directory account and the Portal Server server must be part of the Windows
  domain.
• When using Integrated Windows Authentication, Microsoft Internet Explorer's default
  behavior is that it will not prompt for an ID/password when the server is in the Local
  Intranet Zone. (By default, Internet Explorer assumes that a URL without a period (.)
  is in the Local Intranet Zone. This means http://yourserver/ is in the Local Intranet
  Zone, while http://yourserver.yourcompany.com (or http://199.88.7.11) is in the
  Internet Zone.)
To use single-sign-on (and avoid username/password prompts), you must do one of the
following:
• Access the Portal Server server by the alphanumeric name (for example
  http://yourserver/).
• Access the Portal Server server by the IP address, in which case you must also:
  • Add the Portal Server server to the Local Intranet Zone (Internet Options >
    Security > Sites). This setting can be pushed company-wide by an administrator
    using security policies.
  • Change Internet Explorer's default settings to allow Automatic Logon for
    non-Intranet zones (Internet Options > Security Tab > Customize Level > User
    Authentication).
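As an added example (not part of the VBrick guide), the following read-only PowerShell check reports, for each address users might type to reach the Portal Server, which zone Internet Explorer would assign and whether sign-on would be silent. It assumes the standard Internet Explorer registry locations for the "Site to Zone Assignment List" policy and the Internet Zone logon setting (1A00); the URLs are this guide's sample addresses, the function name Get-PortalZone is hypothetical, and the model is simplified (it does not read sites added by hand through Internet Options).

```powershell
# Added example: read-only audit. The URLs are this guide's sample addresses; replace them.
$PortalUrls = 'http://yourserver/', 'http://yourserver.yourcompany.com', 'http://199.88.7.11'

# "Site to Zone Assignment List" policy keys: value name = site, data = zone number.
$PolicyKeys = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
              'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
# Per-user Internet Zone (zone 3) settings; value 1A00 holds the logon mode.
$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$LogonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# Collect every policy entry that assigns a site to zone 1 (Local Intranet).
$intranetSites = @(foreach ($key in $PolicyKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            if ([string]$item.GetValue($name) -eq '1') { $name }
        }
    }
})

function Get-PortalZone([string]$Url, [string[]]$Sites) {
    $hostName = ([uri]$Url).Host
    # Default rule from the guide: a host name without a period is Local Intranet.
    if (-not $hostName.Contains('.')) { return 'Local Intranet (dotless name)' }
    foreach ($site in $Sites) {
        # Policy entries may carry a scheme and may use * wildcards.
        $pattern = ($site -replace '^[a-z]+://', '').TrimEnd('/')
        if ($hostName -like $pattern) { return "Local Intranet (policy entry $site)" }
    }
    return 'Internet'
}

$mode = (Get-ItemProperty -Path $InternetZoneKey -ErrorAction SilentlyContinue).'1A00'
$modeText = if ($null -eq $mode) { 'not set for this user' } else { $LogonModes[[int]$mode] }
Write-Output "Internet Zone logon mode (1A00): $modeText"
foreach ($url in $PortalUrls) {
    $zone = Get-PortalZone $url $intranetSites
    $sso = if ($zone -ne 'Internet') { 'silent sign-on' }
           elseif ($mode -eq 0) { 'silent, but only via Internet Zone automatic logon' }
           else { 'prompts for credentials' }
    '{0,-36} {1,-50} {2}' -f $url, $zone, $sso
}
```

A result of "silent, but only via Internet Zone automatic logon" means the browser offers the user's Windows credentials to every site in the Internet Zone, not just the Portal Server; assigning the server to the Local Intranet Zone keeps automatic logon scoped to that one address.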
Note: The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use
to browse the LDAP tree. It is available for Windows only and can be downloaded
free of charge from Softerra at http://www.ldapbrowser.com
Note: If using an LDAP directory other than Microsoft's Active Directory, VBrick
strongly recommends using SSL to encrypt the communication between the Portal
Server server and the LDAP directory. Please consult your LDAP vendor
documentation for instructions on how to configure SSL.