Set up Single Sign-On (SSO)¶

Single Sign-On (SSO) allows the user to log in automatically without entering a user name or password. You can activate Single Sign-On as an administrator. Internally, Single Sign-On authentication uses Microsoft Negotiate.

In octoplant 101.3.0, the SSO protocol has changed from strictly Kerberos to the Microsoft Negotiate service. This service determines whether Kerberos or the NTLM protocol is used. Please note that IP addresses are not supported on Kerberos by default and if used may cause a fallback to the deprecated NTLM.

For more information on MS Negotiate and Kerberos, see:

• Microsoft Negotiate - Win32 apps
• Configuring Kerberos for an IP address

Single Sign-On (SSO) SPN attributes have changed. (For more information, see Setting an SPN attribute).

Requirements¶

• Client and server must be in the same domain or in domains with bidirectional trust.
• The client computer must be logged in via a user from the Active Directory (AD) in Windows.
• The server service must be started under a user from the AD. This user requires an SPN (Service Principle Name) in its attributes.
• AD users must be set up in octoplant.

Related topics¶

• Activation in the account policies
• Active Directory connection
• Setting an SPN attribute