Open with table of contents
        
        
        Defining the Authentication Settings
        The Authentication Settings page enables you to configure how the Gateway authenticates PMM users  who access the Portal. The  Gateway authenticates each request by making a connection with the user's domain and retrieving the necessary information from the Domain Controller. The Domain Controller manages the organizational information and email addresses of users associated with the domain.
        Using the Authentication Settings page, you can add and modify Domain Controllers to support any number of domains, enabling users to access PMM from any  domain or domain forest.
         You can define how the system will authenticate PMM users using the following settings:
        
            - PMM User Authentication Settings
- Domain Controllers
To change the PMM User Authentication method:
        There are two methods of authentication for PMM users available:
        
            - Client Integrated Authentication (with Domain Controller). This is the default NTLM authentication method.
- Forms-based Authentication. This will allow the user to manually enter their windows logon or email address along with their windows password. Forms-based authentication is performed by the Gateway if NTLM is disabled and connects the Gateway to a Domain Controller using an LDAP connection.
To change the User Authentication method:
        
            - From 
 the System Center Home page, click 
 PMM Settings.
- Click Authentication Settings  to display the Authentication Settings page.
- Move the mouse pointer 
 over the User Authentication area and click 
.
- Select Client Integrated Authentication or Forms-based Authentication by clicking the appropriate radio button.
- Click Save. The summary will be updated with the new details.
            
            
            
                
                    |  | Client-integrated PMM authentication is performed by the Gateway connecting to a Domain Controller. If users are members of multiple domains, each of these domains must have a trust relationship with the selected Domain Controller; otherwise authentication will not be successful for users within the untrusted domain. Users in untrusted domain forests must use Forms-based authentication to access the PMM Portal. | 
            
        
        If you have selected Client Integrated Authentication, the system displays your current domain configuration in the User Authentication panel, including the name of the domain that the Gateway has joined and will use for authentication. If the Gateway is not currently a member of a domain, or you wish to join a new domain, you can configure the connection using the Domains Controllers panel.
        To add a Domain Controller:
        
            - From 
 the System Center Home page, click 
 PMM Settings.
- Click Authentication Settings  to display the Authentication Settings page.
- In the Domain Controllers 
 area, click  New 
. The Modify Domain Controller page appears. New 
. The Modify Domain Controller page appears.
To modify a Domain Controller:
        
            - From 
 the System Center Home page, click 
 PMM Settings.
- Click Authentication Settings  to display the Authentication Settings page.
- In the Domain Controllers 
 area, select the Domain Controller you wish to modify and click  Edit.  The Modify Domain Controller page appears. Edit.  The Modify Domain Controller page appears.
To join a domain:
        
            - From 
 the System Center Home page, click 
 PMM Settings.
- Click Authentication Settings  to display the Authentication Settings page.
- In the Domain Controllers 
 area, select the Domain Controller of the domain that you wish to join and click Join domain.   The Join domain dialog appears. 
- Enter a valid administrator User Name and administrator Password 
 for the domain.
- Click Join.
            
            
            
                
                    |  | The Gateway can only be a member of one domain at any one time. Joining a new domain will remove the Gateway from its previous association with a Domain Controller. The Gateway is only required to join a domain if the authentication type has been selected as Client-Integrated. | 
            
        
        NTLM authentication
        NTLM authentication can fail when attempting 
 to connect to the Domain Controller  if the NetBIOS 
 name is greater than 15 characters.
        For more information, see Adding a Domain Controller. 
        To test user authentication:
        After you have applied your domain configuration, you can check that PMM users can be correctly authenticated.
        
            - If required, add or modify a Domain Controller in the Domain Controllers area. You can test authentication from the Modify Domain Controllers page or from the Authentication Settings page.
- From 
 the task panel, click Test User Authentication.
- Enter a valid username and password combination and click Run Test.
            
            
            
                
                    |  | Note that 'username' can be windows logon, user principal name or email address. | 
            
        
        
        
        © 1995–2018 
			Clearswift Ltd.