How to configure Active Directory Authentication and Single Sign On for the VisualTime Windows application

The Windows Authentication feature allows VisualTime to create users automatically upon their first login and assign a predefined user profile - unless the users already exist when connecting to VisualTime.

The "Public" VisualTime User profile will automatically be assigned to users created that way. 

In Management Console -> Settings -> General the settings that need to be configured are:
  • Windows Authentication Domain = the Windows Active Directory domain name (eg ACME without including the backslash character at the end).The domain name should be the Pre-Windows 2000 domain name and should not include the AD tree name.
  • Active Directory Server = the name or IP address of the domain controller 
In the /visualtime virtual directory properties -> Directory Security -> Authentication and  Access Control -> Integrated Windows authentication should be set to TRUE, all other settings on should be set to FALSE. 

  • VisualTime relies on the Internet Explorer built-in domain authentication capability but it doesn't read user names and passwords saved in the browser's auto complete forms. 
  • If your Internet Explorer browser settings are not set to automatically authenticate against the domain, then the VisualTime client won't be able to automatically log you in either.
  • The setting controlling the automatic browser log on behaviour can be found in Internet Explorer -> Tools -> Internet Options -> Security - > Trusted Sites or Intranet, depending on how you have IE configured -> Custom level -> User Authentication -> "Automatic logon with current user name and password". Once you have configured that, browsing with Internet Explorer to /visualtime you should not get prompted to log on. As such, when connecting to the exact same URL the domain in order for the authentication feature to work. 
  • For the SSO feature to work, the user’s Internet Explorer security settings should be configured for Automatic Logon under User Authentication -> Logon.
  • In order to avoid being locked out of the VisualTime Management Console (which is accessible only to administrators) you will need to create a VisualTime user matching the name of your Windows Active Directory Domain account and associate it with the VisualTime Administrator profile.
See also the following section "Active Directory and SSO (Single Sign On)" in the VisualTime Installation and Deployment Guide.  

Article ID: 40, Created On: 1/19/2014, Modified: 1/19/2014