Skip to main content

User authentication methods for SquaredUp DS Standalone

Documentation Team
  • Updated

User authentication methods for SquaredUp DS Standalone

A key decision when deploying SquaredUp DS is how users will authenticate (log on). There are two authentication methods you can use for SquaredUp DS:

By default, SquaredUp DS is installed with Forms authentication enabled. Forms authentication requires the user to enter his or her username and password to log on.

To use Forms authentication you do not need to make any changes after installation. If you have previously configured Windows authentication and want to switch back to Forms authentication see How to enable Forms authentication.

Windows authentication is also known as Integrated Windows Authentication (IWA), Single Sign-On (SSO) and Pass Through Authentication.

With Windows authentication enabled, the browser automatically authenticates to SquaredUp DS using the user's Windows credentials. The user does not need to explicitly log on to the application.

In some scenarios, configuring Windows authentication can be more complex.

A single SquaredUp DS instance (website) can be configured for either Forms authentication or Windows authentication, but not both.

For information about using an application proxy (Web Application Proxy and AD FS or Azure Application Proxy) for example to allow multi-factor authentication (MFA), see How to configure SquaredUp DS to use an application proxy

To access SquaredUp DS, a user must authenticate with their Windows credentials. For more information see User Management

Tip: If you want to make dashboards available to users within your organization without requiring authentication, you can use Open Access dashboards. Open Access dashboards can be shared across the organization and viewed without users needing to authenticate. To learn more about Open Access see Sharing Dashboards with anyone - Open Access.

How to enable Windows authentication

  1. Make sure SquaredUp DS has been installed and the initial configuration wizard (licensing etc) has been completed.

  2. Enable Windows authentication using the SquaredUp DS configuration script.

    Modifying the configuration causes the web application to restart and all users will be logged off.

    1. On the SquaredUp server click on the Start button and type:command prompt

    2. Navigate to the instance for which you wish to change authentication.

      For example:

      cd C:\inetpub\wwwroot\SquaredUp

      Name of the SquaredUp folder

      The default name of the SquaredUp folder is SquaredUp for v6 and above.

      For v5 it is SquaredUpv5.

      Location of the SquaredUp folder

      A custom location may have been chosen during the installation.

      The default location for the SquaredUp folder is C:\inetpub\wwwroot\SquaredUp

      For v5 it is C:\inetpub\wwwroot\SquaredUpv5.

    3. Run the SquaredUp command followed by windows:

      squaredup windows

      The SquaredUp command for v6 and above is SquaredUp. This is followed by an operator for the task you are carrying out, for example SquaredUp forms, SquaredUp windows, or SquaredUp ha.

      The SquaredUp command for v5 it is SquaredUp5.

  3. Your browser, and other users' browsers, must be configured to use automatic logon for all your SquaredUp DS URLs. The steps below describe how to configure the browser on each client (not on the server), you can test this in your own client's browser, then your organization should apply the settings to all users' browsers, perhaps using Group Policy.

    Add the fully qualified domain name (FQDN) of all SquaredUp servers e.g. webserver1.domain.local (and load balanced address if using) to the list of local intranet sites, and select automatic logon, as described below. These two settings prevent the browser logon box from popping up, and allow the Windows authentication logon to be used for SquaredUp DS.

    Please note that your domain settings may differ from the Internet Explorer defaults, so we recommend that you review the settings below.

      1. Navigate to Tools > Internet Options > Security > Local intranet > Sites > Advanced

      2. Enter the fully qualified domain name (FQDN) for your SquaredUp server(s), and click Add, then Close, then OK.

        When using multiple load balanced servers you must add the FQDN of each server, and also the load balanced address.

      3. Click on Local intranet and then Custom level

      4. Scroll to the bottom of the settings and verify that either of the following settings are enabled:

        Automatic logon with current user name and password

        Automatic logon only in Intranet zone

      5. Click OK, then Yes, then OK.

      6. Add the sites to the local intranet sites on ALL clients. (For example using Group Policy, see Internet Explorer prompting for credentials - Windows authentication (Clint Boessen's blog)).

    By default, Chrome uses the Internet Explorer local intranet sites configuration. Follow the steps for Internet Explorer.

    In addition, Chrome requires that Kerberos constrained delegation is explicitly configured.

    For more details, see The Chromium Projects - HTTP authentication

    Firefox requires explicit configuration to enable Windows authentication.

    1. Type about:config in the location bar.
    2. Type network.negotiate-auth.trusted-uris in the search box.

    3. Double-click on the setting returned and type the SquaredUp server name and then the fully qualified domain name (FQDN) separated by a comma and a space. Do not include the http:// or https://

      When using multiple load balanced servers you should add the FQDN of each server, and also the load balanced address.

    4. Click OK.
    5. Repeat these steps for the network.negotiate-auth.delegation-uris setting.

  4. Verify the configuration.

    Check that SquaredUp DS is now accessible:

    1. Log on to a client machine using a different user account to that with which you are logged on to the SquaredUp Server. (Note that it must be a different account, otherwise Windows authentication may reuse your server logon session and it may appear to succeed even if it is misconfigured).

    2. Browse to SquaredUp DS. Check the servers short address and the fully qualified domain name (FQDN):

      http://SquaredUpServer/SquaredUp and http://SquaredUpServer.domain.tld/SquaredUp

      If you are using multiple servers, check the short and FQDN names for all servers, and also the load balanced address.

    3. If SquaredUp DS opens, check that graphs are shown.

Please contact SquaredUp Support if you experience any problems and reply to the automatic response with the output of the SquaredUp DS Diagnostics (see Collecting diagnostic information) and, if possible, a screenshot of the problem.

How to enable Forms authentication

Forms authentication is enabled by default when SquaredUp DS is installed. If you have previously configured Windows authentication and would like to switch back to Forms authentication, follow the instructions below.

Modifying the configuration causes the web application to restart and all users will be logged off.

  1. Open a command prompt (cmd.exe) on the SquaredUp web server.

  2. Navigate to the instance for which you wish to change authentication.

    For example:

    cd C:\inetpub\wwwroot\SquaredUp

    Name of the SquaredUp folder

    The default name of the SquaredUp folder is SquaredUp for v6 and above.

    For v5 it is SquaredUpv5.

    Location of the SquaredUp folder

    A custom location may have been chosen during the installation.

    The default location for the SquaredUp folder is C:\inetpub\wwwroot\SquaredUp

    For v5 it is C:\inetpub\wwwroot\SquaredUpv5.

  3. Then run the SquaredUp command followed by forms:

    squaredup forms

    The SquaredUp command for v6 and above is SquaredUp. This is followed by an operator for the task you are carrying out, for example SquaredUp forms, SquaredUp windows, or SquaredUp ha.

    The SquaredUp command for v5 it is SquaredUp5.

  4. If you have previously configured SPNs or Kerberos constrained delegation settings in Active Directory, these can be reverted after switching to Forms authentication.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.