If enabled,
CSM can use Windows/LDAP Credentials to log in a User/Customer rather
than
Cherwell credentials.
In order to use Windows credentials, Windows or Active Directory must be
enabled for the Client. That is, Windows and/or LDAP must be supported login
modes (CSM Administrator>Security>Edit Security Settings>select Windows or LDAP).
Note: In the
Desktop Client, Windows credentials are automatically used (if enabled). In
Internet Explorer, the Browser Client can automatically retrieve the
User's/Customer's Credentials from the system and pass them to the server. In
other browsers, Users/Customers might be prompted to provide Windows
credentials. The browser validates the credentials before passing them to the
server. If a User/Customer has previously provided credentials to the browser,
they might not be prompted to provide their credentials.
If a User/Customer is not currently logged in to their standard Windows
system (example: They are logging in from a mobile device or from outside the
network), or their system is configured to use an alternate LDAP provider that
does not provide direct Windows validation, they can still use their
Windows/LDAP Credentials for single sign-on.
The User/Customer can provide their Windows (or LDAP) Credentials into
the User Name field and their Windows (or LDAP) Credentials into the Password
field. When the Login button is selected,
CSM confirms that the specified credentials are legal, and then
(assuming they are) logs the User/Customer in.
Note: In order for this to work, the User/Customer must specify
a fully qualified ID in the format of:
domain\user-id
CAUTION:
Unless the Portal has been configured to use SSL
security (HTTPS), the credentials will be passed in clear text from the Browser
to the server, and it would be possible for someone monitoring communication to
capture credentials going over the wire. For that reason, we strongly suggest
users
edit web.config files to enforce redirecting HTTP requests
to HTTPS for a better, more secure logon experience.
