Setting Up Active Directory to Store Siebel User Credentials for Windows Integrated Authentication
This topic describes how to set up Active Directory for Windows Integrated Authentication. In this example, the Active Directory performs two functions that might be handled by two separate entities in other Web SSO implementations:
- Active Directory authenticates users in its role as the Microsoft IIS Web Server directory.
- Active Directory is the directory from which an authenticated user's Siebel user ID and database account are retrieved.
This topic describes how to configure Active Directory as the directory that provides the Siebel user ID and the Siebel database account for authenticated users. For information about configuring the Microsoft IIS Web Server, see Configuring the Microsoft IIS Web Server for Windows Integrated Authentication.
This task is a step in Process of Implementing Windows Integrated Authentication.
To set up Active Directory to store Siebel user credentials
- Select a subdirectory in the Active Directory to store users, for example, the Users subdirectory under the domain-level directory.
  You cannot distribute the users of a single Siebel application in more than one subdirectory. However, you can store the users of multiple Siebel Business Applications in one subdirectory.
- Define the attributes to use for the following user data (create new attributes if you do not want to use existing attributes):
  - Siebel user ID. Suggested attribute: sAMAccountName.
  - Database account. Suggested attribute: dbaccount.
  - Password. Assign a user password to each user using the ADSI user management tools. The user password is not stored as an attribute.
  NOTE: A user password is required for the Active Directory in its role as the Microsoft IIS Web Server directory, which is the authentication service in this configuration. A user password attribute is not required for Active Directory in its role as the directory. In other configurations in which the authentication service is physically independent of the directory, the directory is not required to have a user password assigned to each user.
- For the purposes of Microsoft IIS Web Server authentication, provide attributes as needed to store the user name, first name, last name, or other user data.
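The following check is an added example, not part of the Siebel documentation or Oracle code. It audits an exported list of user entries against the steps above: every user in the one chosen subdirectory, with the Siebel user ID and database account attributes populated. The entries, the base DN, the function names, the direct-child test, and the case-insensitive duplicate check are assumptions made for illustration.

```python
import re

# Constructed sample entries (not real data), shaped like an exported user list.
BASE_DN = "CN=Users,DC=example,DC=com"  # assumed subdirectory chosen in step 1
SAMPLE_ENTRIES = [
    {"dn": "CN=Casey Cheng,CN=Users,DC=example,DC=com",
     "sAMAccountName": "CCHENG", "dbaccount": "constructed-placeholder"},
    {"dn": "CN=Cheng\\, Pat,CN=Users,DC=example,DC=com",
     "sAMAccountName": "PCHENG", "dbaccount": ""},
    {"dn": "CN=Lee Ortiz,OU=Contractors,DC=example,DC=com",
     "sAMAccountName": "LORTIZ", "dbaccount": "constructed-placeholder"},
    {"dn": "CN=C Cheng,CN=Users,DC=example,DC=com",
     "sAMAccountName": "ccheng", "dbaccount": "constructed-placeholder"},
]

def norm(dn):
    """Case-fold a DN and drop whitespace around separators for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def parent_dn(dn):
    """Return the container DN; a backslash-escaped comma is not a separator."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) == 2 else ""

def audit_siebel_users(entries, base_dn, id_attr="sAMAccountName", db_attr="dbaccount"):
    """Group entry DNs by the setup rule they break; an empty dict means clean."""
    findings, seen = {}, set()
    for entry in entries:
        dn = entry["dn"]
        problems = []
        # Assumption: a user counts as stored in the subdirectory only as a direct child.
        if norm(parent_dn(dn)) != norm(base_dn):
            problems.append("outside_subdirectory")
        # Assumption: user IDs are compared case-insensitively when looking for duplicates.
        user_id = (entry.get(id_attr) or "").strip().lower()
        if not user_id:
            problems.append("missing_user_id")
        elif user_id in seen:
            problems.append("duplicate_user_id")
        seen.add(user_id)
        if not (entry.get(db_attr) or "").strip():
            problems.append("missing_db_account")
        for problem in problems:
            findings.setdefault(problem, []).append(dn)
    return findings

if __name__ == "__main__":
    for rule, dns in audit_siebel_users(SAMPLE_ENTRIES, BASE_DN).items():
        print(rule, dns)
```

If you define different attributes in step 2, pass their names as id_attr and db_attr.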