Active Directory and FME Server
FME Server allows you to connect to an existing Active Directory / LDAP server and incorporate available users and groups into your FME Server security configuration.
Once a connection is created, you can specify which user(s) and role(s) will be imported into FME Server - noting that their passwords and membership will continue to be managed by the Active Directory server itself. The existing users and roles on FME Server can coexist with those imported. FME Server roles can contain both System (FME Server) and Active Directory users.
FME Server can manage any number of Active Directory connections - this means that you can connect to multiple domains.
|Police Chief Webb-Mapp says...|
|One cautionary note when working with multiple domains is if a second domain contains a username that is the same as in the first domain (and has already been imported into FME Server), the second user will not be imported and an alternative name will be required an prompted for during the import of users.|
|First-Officer Transformer says...|
While you can import Active Directory Roles, you cannot modify membership in FME Server.
FME Server only has read permission on any connected Active Directory listing.
Integrated Windows Authentication
With Integrated Windows Authentication, also known as "single sign-on," you can enable the users you import from your Active Directory connections to integrate their Windows login credentials with FME Server. When single sign-on is enabled:
- There is no need to log in to the FME Server web interface. Instead, select Use Windows Credentials on the Sign In page.
- Similarly, there is no need to log in to FME Server when using FME Workbench to publish a workspace. Instead, simply check Use Windows session credentials in the Publish to FME Server wizard.
Note: When publishing a workspace to a Notification Service, you must still provide your FME Server credentials in the HTTP Authentication fields of the Edit Service Properties dialog of the wizard.
To enable single sign-on
- Update the Windows domain configuration to allow FME Server to authenticate using single sign-on.
- Update the web browser configuration to use single sign-on.
|Chef Bimm says...|
|Once Integrated Windows Authentication is configured, users will need to log into FME Server using the **Use Windows Credentials** button in the browser. At this time, a user cannot be automatically logged in when connecting to FME Server the first time. Once a user has been logged, however, and closes their browser, they may be automatically logged back in when returning to FME Server Web Interface in subsequent visits or until the session expires.|
|Internet browser session: A web browser session to FME Server do not expire as long as the browser is active and the user remains logged in. Logging out of FME Server will end the web browser session.|