Active Directory-Based Authentication

The Content Engine can be set up to use Active Directory for authentication of users, instead of doing the authentication itself. For organizations with primarily Windows-based networks this makes it possible for users to log in to Content Studio and Web Studio using their ordinary network user names and passwords. Note, however, that:

  • This is not a "single sign on" mechanism: users will still have to log in when starting Content Studio and Web Studio, even if they are already logged in to the network.

  • Only authentication is carried out by Active Directory. Authorization is still performed by the Content Engine, so you still have to define Content Engine users. The Content Engine users must have identical user names to the Active Directory users.

To set up Active Directory-based authentication:

  1. Using Web Studio, create users (see Create New User) for all the existing Active Directory users who are to use Content Studio or Web Studio. The user names you specify must be identical to the user names in Active Directory. You can leave the password fields blank.

  2. Assign access rights to these users in the usual way (see Editing Users and Persons).

  3. If you have any existing Content Engine users that you want to keep (publication administrators, for example) that do not exist in Active Directory, then you need to add users with identical user names to Active Directory.

  4. Enable the Content Engine to connect to Active Directory. This involves reassembling and redeploying the Content Engine (see Enabling Connection to Active Directory).

  5. Reconfigure the Content Engine to use Active Directory for authentication, and restart your application server (see Switching to Active Directory).

  6. Using Web Studio, you can now tidy up by deleting any old Content Engine-authenticated users that are no longer required (see Person and User Archive).
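
Because the user names on both sides must be identical, it is worth reconciling the two lists before the switch in step 5. The following Python sketch is an added example, not part of the Content Engine or its documentation. It assumes you have already exported both name lists yourself; the `reconcile` function and the sample names are hypothetical.

```python
# Added example: reconcile Content Engine user names against Active Directory
# before switching authentication. The name lists are constructed sample data;
# how you export them from each system is outside this sketch.

def reconcile(ce_users, ad_users):
    """Compare the two lists, treating only exact string equality as a match.

    ad_users should hold the Active Directory users who are to use
    Content Studio or Web Studio, not the whole directory.
    """
    ce, ad = set(ce_users), set(ad_users)
    # Index AD names by a normalised form to spot names that are nearly,
    # but not exactly, identical (letter case or stray whitespace).
    ad_by_norm = {}
    for name in ad:
        ad_by_norm.setdefault(name.strip().casefold(), []).append(name)

    near, missing_in_ad = {}, []
    for name in sorted(ce - ad):
        candidates = sorted(ad_by_norm.get(name.strip().casefold(), []))
        if candidates:
            near[name] = candidates      # correct the spelling on one side
        else:
            missing_in_ad.append(name)   # step 3: add to Active Directory

    matched_near = {n for names in near.values() for n in names}
    return {
        "exact": sorted(ce & ad),
        "near_match": near,
        "missing_in_ad": missing_in_ad,
        # step 1: these still need a Content Engine user created in Web Studio
        "missing_in_ce": sorted(ad - ce - matched_near),
    }

# Constructed sample data.
CE_USERS = ["jsmith", "MJones", "pubadmin", "akhan "]
AD_USERS = ["jsmith", "mjones", "akhan", "lchen"]

if __name__ == "__main__":
    for key, value in reconcile(CE_USERS, AD_USERS).items():
        print(f"{key}: {value}")
```

Any name reported under `near_match` or `missing_in_ad` belongs to a Content Engine user whose name has no identical counterpart in Active Directory, so resolve those entries before restarting the application server.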