Configuring › How to Enable External Authentication of Users › Configure NTLM Authentication on Windows

Configure NTLM Authentication on Windows

By configuring NTLM Authentication on Windows, you can enable single sign-on (also named single sign-in or single signin) for CA Service Catalog. Doing so means that once users log in to your domain, they can access CA Service Catalog without logging in to it. If you do not enable single sign-on, the login page is the first CA Service Catalog screen that users see. This topic explains how to modify the CA Service Catalog configuration to skip the login page.

If you are planning to use Catalog Component clustering with NTLM authentication, skip this procedure. Instead, you set up NTLM authentication for each cluster.

Follow these steps:

1. Verify that your environment meets the following requirements:
   • You are using Windows domain authentication.
   • You have configured CA EEM to use Active Directory.

     Note: For more instructions to configure and use CA EEM, see the Integration Guide.

   • The CA EEM server has joined the Windows domain that you are configuring for single sign-on.
   • You are running a version of HTTP higher than 1.0. Windows NTLM authentication is supported with versions of HTTP higher than 1.0.
   • If both of the following conditions exist, you cannot use single sign-on using NTLM with HTTPS:
     • The client computer operating system is Windows Server.
     • The Internet Explorer Enhanced Security Configuration Windows Component is installed.

     If you are using Windows Server, do one of the following to use single sign-on using NTLM:

     • Use HTTP instead of HTTPS.
     • Uninstall the Internet Explorer Enhanced Security Configuration Windows Component.
2. Click Administration, Configuration, Single Sign On Authentication.

   The Single Sign On Authentication page appears.

3. Locate the property named Single Sign On Type and click its Modify icon (by default, a pencil).

   The Edit Configuration dialog for this property appears.

4. Select the option named NTLM (NT LAN Manager) and click Update Configuration.

   The dialog closes, and you return to the Sign On Authentication page.

You have configured NTLM Authentication on Windows.