on 07-05-2017 8:25 AM
Hello
In order to connect users to the BI platform (BI launchpad or Central Management Console), we have implemented Microsoft Windows AD authentication thru Kerberos Protocol.
Our IS Security entity requests us more accuracy regarding the working of this authentication.
They would like to know what are the authentication credentials sent to Windows during the validation of the user's login?
Are they credentials of the user or credentials of the global service account.
Thank you for your help
While many customers thing AD SSO is a function of BI it is in fact not. To achieve kerberos SSO you must setup everything in Microsoft (service account, delegation, SPN's even browser, etc) Once Microsoft SSO is setup then a successful authenticated Microsoft users that is mapped into BI can access BI. So this question is better directed at your Microsoft admin.
https://msdn.microsoft.com/en-us/library/bb742516.aspx
Here is a Microsoft article on how kerberos works, depending on your configuration, the exactly how could vary. Essentially a negotiation occurs at the browser and the user (not service account) is authenticated. The service account does play a role in delegating the user to various resources like the BI server.
regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.