Step 6. Enable Windows Authentication

Windows authentication can be enabled or disabled whether or not Windows groups have been selected in the Windows Authentication window.

Enable/disable Window Authentication

Windows Authentication guidelines.

Enable/Disable Windows Authentication

When a user logs into CIMPLICITY, the following occurs when Allow Auto Login and/or Enable Windows Authentication are checked or clear.

 

Allow
Auto Login

Enable
Windows
Authentication

 

 

Result

Check

Check

If the Windows user is a member of a selected group, CIMPLICITY will

  1. Look for the user in the Selected Groups.

  2. Automatically log in the user to CIMPLICITY based on the first group in which the user is found.

  3. Assign the user the role/resources assigned to that group.

Important: A user who needs to do configuration in CIMPLICITY will have to log in manually if CIMPLICITY Configuration Security is enabled, even if Allow Auto Login is checked.  

Clear

Check

If the Windows user is a member of a selected group,

CIMPLICITY will

  1. Open a CIMPLICITY Login dialog box.

  2. Check the Windows/password credentials

  3. Look for the user in the Selected Groups.

  4. Give the user CIMPLICITY access based on the first group in which the user is found.

NA

Clear

Windows authentication and auto login are not allowed.

Windows Authentication Guidelines

When a user

Attempts to log into CIMPLICITY, if the Windows user name/password are not valid or CIMPLICITY does not find the user in any of the groups, the user is denied CIMPLICITY access.

Logs into CIMPLICITY for the first time using Windows authentication, that user is automatically added to CIMPLICITY's list of users

Is listed in the CIMPLICITY list, user specifications can be modified the same way as for any other user.

When the new Windows Authentication module tries to validate a user with auto log in, If Windows Authentication does not have a valid user/password to use to query the domain controller, it uses the current user that the process is running under.

On a default installation Windows authentication runs as a system user; depending on how the domain is set up there is a good chance that the system user will not have the ability to query the domain.

To make sure Windows authentication can query the domain:

  1. Open the Services control panel

  2. Make the CIMPLICITY HMI service run under a domain account that has privileges to query the domain.

More information

Windows authentication configuration.