Skip to main content
Documentation & User Guides | FotoWare

Active Directory Authentication (deprecated)

Active Directory is deprecated

Active Directory integration using LDAP is deprecated due to various issues with multiple domains, SSO and due to severe limitations, such as not being viable in SAAS or cloud scenarios. The recommended solution for single-sign-on (SSO) against on-premise Active Directory is now using ADFS and SAML 2.0 authentication.

How it works

Windows Active Directory authentication allows management of users and groups in the Active Directory, while the relevant groups can be imported into FotoWeb through the site configuration in the Operations Center. After importing the groups, they can be given access to the relevant resources on the FotoWeb server. Group changes in the Active Directory, such as the addition or removal of users, are automatically updated so that all user management can be done in the Active Directory only.

Windows Active Directory configuration involves the following steps:

  • Add the FotoWeb server to the domain
  • Enable Windows Active Directory integration on the site (see below)
  • Import groups into FotoWeb
  • Assign access to FotoWeb archives and workflows based on the groups you've imported
  • Configure your browser to use Integrated Windows Authentication (see below)

Setting it up

Authentication - Windows AD.png

Choose Windows Active Directory as the Authentication Provider. Then enter the host name of the Active Directory server. The default port for Windows Active Directory is 389 for non-encrypted connections and 636 for SSL connections, but the Active Directory server can also be configured to use another port. Ask your Windows server manager if you're uncertain.

Next, enter the username and password for the domain lookup account. This account need sufficient privileges to list the contents of the directory.

To use single sign-on, enable Use Integrated Windows Authentication (Single sign-on).  With this option set, users who access the FotoWeb site will be able to choose between manually entering a username and password or clicking on the Log in with SSO button.
To enforce Single sign-on as the only available option, choose Only allow login with Integrated Windows Authentication. Now, when users access FotoWeb, they will be immediately authenticated and logged in, and will never see the login screen.

Importing groups and assigning access

Next, you need to import groups from the Active Directory to give them access to FotoWeb.

You can then proceed to assign access to FotoWeb archives and actions using the imported groups.

Enabling Integrated Windows Authentication in your web browser

Having completed the above steps, make sure your browser is configured to use Integrated Windows Authentication.

Additional topics