Integrated Windows Authentication Single Sign-On for Legal Hold

Article ID: 100040015

Description

To configure Integrated Windows Authentication (IWA) Single Sign-On (SSO) for Legal Hold authentication:

Note: Before you perform the following steps, you must clear your browser cache.
  1. Log on to the eDP web interface as a system administrator.
  2. From the System view, click Settings, and then click the Legal Hold Authentication tab.
  3. Enable LDAP authentication for legal hold notices. Refer to the Legal Hold User guide for details.
  4. Enable Single Sign-On: Select the Enable Integrated Windows Authentication (IWA) with LDAP check box.
  5. Select the authentication preference:
    • Use Kerberos only: Only Kerberos authentication is used.
    • Use Kerberos first; if it fails, use NTLM: The default Kerberos authentication is tried first, and if it fails, NTLM is used for authentication.
  6. Test the LDAP connectivity: Enter the credentials of a valid LDAP user who is part of the User Base provided, and then click Test Connection.
  7. Click Save.

For Active Directory configurations: set the Service Principal Name (SPN) for the Legal Hold confirmation server. A domain administrator should run the following setspn command for the Legal Hold confirmation server from any system in the domain. 
 
setspn -A HTTP/cw.LHConfirmationserver.fqdn customer-domain\user-running-esa
 
cw.LHConfirmationserver.fqdn is the fully-qualified domain name (FQDN) for the confirmation server.
customer-domain is the fully-qualified domain name. Example: corp.local
user-running-esa is the user account running the application service on the Legal Hold confirmation server. Example: esaAdmin
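
The following check is an added example, not part of the original article or the product's own tooling. It confirms that the HTTP SPN is held by exactly one account, because a missing or duplicate SPN makes Kerberos fail, and with the "Use Kerberos first; if it fails, use NTLM" preference that failure shows up only as a fallback to NTLM. It assumes the RSAT ActiveDirectory PowerShell module is installed and a single-domain search; the values are the article's placeholders and must be replaced.

```powershell
# Added example: verify the Legal Hold confirmation server's HTTP SPN
# before and after running the setspn command from the article.
# Placeholders taken from the article; replace with real values.
$Spn        = 'HTTP/cw.LHConfirmationserver.fqdn'
$SamAccount = 'user-running-esa'   # account part of customer-domain\user-running-esa

# Assumption: the RSAT ActiveDirectory module is available on this system.
Import-Module ActiveDirectory

# Find every directory object in the current domain that carries this SPN.
$holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" `
                          -Properties sAMAccountName, servicePrincipalName)

switch ($holders.Count) {
    0 {
        Write-Output "SPN $Spn is not registered yet; run the setspn command."
    }
    1 {
        if ($holders[0].sAMAccountName -eq $SamAccount) {
            Write-Output "SPN $Spn is registered on $SamAccount as intended."
        } else {
            # Tickets would be encrypted for a different account's key.
            Write-Warning "SPN $Spn is held by $($holders[0].sAMAccountName), not $SamAccount."
        }
    }
    default {
        # With duplicates the KDC cannot choose a service key, so Kerberos
        # fails for this service name.
        Write-Warning "SPN $Spn is registered on $($holders.Count) objects:"
        $holders | Select-Object sAMAccountName, DistinguishedName
    }
}

# Once exactly one account holds the SPN, request a service ticket for it
# as the current user to confirm that the KDC can issue one.
if ($holders.Count -eq 1) {
    klist get $Spn
}
```

Run it from a domain-joined system once before the setspn step to catch an existing registration, and once after it to confirm the result.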
 
Note: Recipients of the legal hold notices must configure their browsers for IWA Single Sign-On. For detailed steps, end users can click Need Help! on the Legal Hold Confirmation Portal screen.