Define Authentication Settings

The Authentication Settings page enables you to configure how the Gateway authenticates PMM users who access the Portal. The Gateway authenticates each request by making a connection with the user's domain and retrieving the necessary information from the Domain Controller. The Domain Controller manages the organizational information and email addresses of users associated with the domain.

Using the Authentication Settings page, you can add and modify Domain Controllers to support any number of domains, enabling users to access PMM from any domain or domain forest.

You can define how the system will authenticate PMM users using the following settings:

Two methods of authentication are available for PMM users: Client Integrated Authentication and Forms-based Authentication.

To change the User Authentication method:

  1. From the System Center Home page, click PMM Settings.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Move the mouse pointer over the User Authentication area and click "Click here to change these settings".
  4. Select Client Integrated Authentication or Forms-based Authentication by clicking the appropriate radio button.
  5. Click Save. The summary will be updated with the new details.
 

Client-integrated PMM authentication is performed by the Gateway connecting to a Domain Controller. If users are members of multiple domains, each of these domains must have a trust relationship with the selected Domain Controller; otherwise authentication will not be successful for users within the untrusted domain. Users in untrusted domain forests must use Forms-based authentication to access the PMM Portal.

If you have selected Client Integrated Authentication, the system displays your current domain configuration in the User Authentication panel, including the name of the domain that the Gateway has joined and will use for authentication. If the Gateway is not currently a member of a domain, or you wish to join a new domain, you can configure the connection using the Domain Controllers panel.

To add a Domain Controller:

  1. From the System Center Home page, click PMM Settings.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. In the Domain Controllers area, click New. The Modify Domain Controller page appears.

To modify a Domain Controller:

  1. From the System Center Home page, click PMM Settings.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. In the Domain Controllers area, select the Domain Controller you wish to modify and click Edit. The Modify Domain Controller page appears.

To join a domain:

  1. From the System Center Home page, click PMM Settings.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. In the Domain Controllers area, select the Domain Controller of the domain that you wish to join and click Join domain. The Join domain dialog appears.
  4. Enter a valid administrator User Name and administrator Password for the domain.
  5. Click Join.
 

The Gateway can only be a member of one domain at any one time. Joining a new domain will remove the Gateway from its previous association with a Domain Controller.

The Gateway is required to join a domain only if Client Integrated Authentication is selected as the authentication type.

NTLM authentication

NTLM authentication can fail when attempting to connect to the Domain Controller if the NetBIOS name is greater than 15 characters.

For more information, see Adding a Domain Controller.
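The following pre-flight check for the 15-character NetBIOS limit is an added example, not part of the product or its documentation. It assumes the NetBIOS name is derived from the left-most label of the Domain Controller's DNS name; the host names are constructed samples and the function names are hypothetical.

```python
# Added example: flag Domain Controller names that will not fit in a NetBIOS name.
# Assumption: the NetBIOS name is the left-most DNS label of the controller.

NETBIOS_MAX = 15  # a NetBIOS name is 16 bytes; the final byte is a service suffix
# Characters Microsoft's naming conventions disallow in NetBIOS computer names.
NETBIOS_FORBIDDEN = set('\\/:*?"<>|')


def netbios_candidate(fqdn: str) -> str:
    """Return the left-most DNS label, upper-cased and untruncated."""
    return fqdn.strip().rstrip(".").split(".")[0].upper()


def check_netbios(fqdn: str) -> list[str]:
    """Return a list of problems; an empty list means the name fits."""
    name = netbios_candidate(fqdn)
    problems = []
    if not name:
        problems.append("empty host label")
    if len(name) > NETBIOS_MAX:
        problems.append(
            f"{name} is {len(name)} characters; the limit is {NETBIOS_MAX}"
        )
    bad = sorted(set(name) & NETBIOS_FORBIDDEN)
    if bad:
        problems.append(f"{name} contains disallowed characters: {' '.join(bad)}")
    return problems


if __name__ == "__main__":
    # Constructed sample host names, not taken from any real environment.
    samples = [
        "dc01.corp.example.com",
        "datacenter-dc-primary01.corp.example.com",
    ]
    for fqdn in samples:
        issues = check_netbios(fqdn)
        print(f"{fqdn}: {'OK' if not issues else '; '.join(issues)}")
```

Run it against the Domain Controller names you intend to add before selecting Client Integrated Authentication.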

To test user authentication:

After you have applied your domain configuration, you can check that PMM users can be correctly authenticated.

  1. If required, add or modify a Domain Controller in the Domain Controllers area. You can test authentication from the Modify Domain Controller page or from the Authentication Settings page.
  2. From the task panel, click Test User Authentication.
  3. Enter a valid username and password combination and click Run Test.
 

Note that 'username' can be a Windows logon, a user principal name or an email address.