Skip to Content
avatar image
Former Member

Microsoft Windows AD authentication thru Kerberos Protocol

Hello

In order to connect users to the BI platform (BI launchpad or Central Management Console), we have implemented Microsoft Windows AD authentication thru Kerberos Protocol.

Our IS Security entity requests us more accuracy regarding the working of this authentication.

They would like to know what are the authentication credentials sent to Windows during the validation of the user's login?

Are they credentials of the user or credentials of the global service account.

Thank you for your help

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Jul 05, 2017 at 03:01 PM

    While many customers thing AD SSO is a function of BI it is in fact not. To achieve kerberos SSO you must setup everything in Microsoft (service account, delegation, SPN's even browser, etc) Once Microsoft SSO is setup then a successful authenticated Microsoft users that is mapped into BI can access BI. So this question is better directed at your Microsoft admin.

    https://msdn.microsoft.com/en-us/library/bb742516.aspx

    Here is a Microsoft article on how kerberos works, depending on your configuration, the exactly how could vary. Essentially a negotiation occurs at the browser and the user (not service account) is authenticated. The service account does play a role in delegating the user to various resources like the BI server.

    regards,

    Tim

    Add comment
    10|10000 characters needed characters exceeded