Integrated Login

Integrated login is an optional feature that enables AppDNA users to be logged into AppDNA automatically using their Windows user account credentials. This means that the login screen is by-passed and users do not need to enter their user name and password.

Users who have integrated login accounts can turn off automatic login – for example, if they temporarily need to login with an administrator account to perform an admin task. To do this, clear the Enable Auto Integrated Login check box in Login settings.

Note:

You cannot log on to the AppDNA web client using an integrated login account.

Enable Integrated Login

To configure integrated login you must configure the AppDNA user account, and configure IIS.

Configure the AppDNA user account

You can import users individually from Active Directory (AD) or specify an AD Group from which user accounts will be imported automatically the first time they log in.

  1. From the AppDNA menus, choose Administration > User Management.
  2. In the User Management screen toolbar, click Add From AD in the toolbar, then find the required user or AD Group in the standard AD search and browse dialog.

Important:

To add AD Groups to AppDNA, the account running the AppDNA application pool in IIS must have permissions to read AD Group information from Active Directory. The default account ApplicationPoolIdentity can only discover individual user accounts.

Configure Internet Information Services

Use the Internet Information Services (IIS) Manager to configure the following IIS Authentication Settings for the AppDNA Web Application node:

  • Anonymous Authentication—Disabled.
  • Windows Authentication—Enabled.

IIS Authentication Settings

When IIS is configured this way and the Server Manager Console has the IE Enhanced Security Configuration enabled, users are prompted for their domain credentials when they navigate to the AppDNA web client, or the first time they view a report in the AppDNA desktop client. This is true for users using native (non-AD-integrated) AppDNA accounts, as well as those with AD-integrated AppDNA accounts.

To prevent users being prompted for their domain credentials in these situations, you can add the FQDN of the AppDNA server (for example http://APPDNASERVER.domain.xxx) to the Local Intranet zone, or add it to the Trusted Sites zone and set Automatic logon with current username and password on the Trusted sites zone.

Disable Integrated Login

To disable the integrated login feature in AppDNA:

  1. From the AppDNA menus, choose Administration > User Management > Users.
  2. Delete all AD User or AD Group related accounts in the linked users list.
  3. Optionally, in IIS, reconfigure the AppDNAppPool to use an account that does not have permissions to read AD information. For example, use the default Application Pool Identity.

linked users

Integrated login FAQ

Does integrated login require contact with Active Directory?

Yes. The AppDNA web server needs to be able to contact Active Directory to either create a new user account in the AppDNA database, or to verify that a user linked to an AD Group has (or still has) membership of the specified group.

Does the AppDNA user account need to be updated when the Windows password changes?

No. AppDNA does not know or store the user’s password. Authentication occurs by using secure Windows user tokens.

Can I change an existing AppDNA user account to an integrated login account?

No. Native AppDNA, and AD User or Group linked accounts, are mutually exclusive.