Configuring Windows authentication (Active Directory)

Kentico CMS supports Windows integrated authentication. This means that when a user signs in to a Windows domain, Kentico CMS automatically recognizes their identity without requiring a user name and password.

 

Moreover, Kentico CMS can automatically import authenticated users from the domain (Active Directory) into the user database, including their roles.

 

 

Configuration

 

1. Before you configure the application for Windows authentication, you need to create a user account with the same name as your current domain user name and grant this user account administrator permissions. This will allow you to access all features as an administrator once you sign in using Windows authentication.
2. Sign in as an Administrator to the Site Manager and go to Administration -> Users. Create a new user with the following values:
- User name: your domain user name in the format domain\username, for example: office\johns
- Full name: your full name
Click OK.
On the General tab, set the following values:
- Is global administrator: yes
- Is external user: yes
Click OK.
3. Now you can switch the application to the Windows authentication mode. Edit the web.config file of the web project and change the following line:

<authentication mode="Forms">

to:

<authentication mode="Windows">


When using Windows authentication, you also need to have the following settings in your web.config file so that authentication is required for the live site:

 

<location path="">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>

4. Save the modified web.config file. Close all browser windows with Kentico CMS and open the web site in a new browser window. Try to go to <web project>\cmssitemanager to make sure you are recognized as a global administrator.
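
The two web.config changes from step 3 can be checked mechanically. The following Python sketch is an added example, not part of the Kentico documentation: the function name audit_web_config and both sample fragments are constructed here, and it assumes a web.config whose <configuration> element carries no XML namespace. It also reports an <allow> rule that matches anonymous users ahead of the <deny>, because ASP.NET applies the first authorization rule that matches.

```python
import xml.etree.ElementTree as ET

# Constructed sample: both web.config changes from step 3 applied.
AFTER = """<configuration>
  <system.web><authentication mode="Windows" /></system.web>
  <location path="">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>"""

# Constructed sample: still Forms mode, anonymous users not denied.
BEFORE = """<configuration>
  <system.web><authentication mode="Forms" /></system.web>
</configuration>"""

def _children(elem, tag):
    return [c for c in elem if c.tag == tag]

def _anonymous_verdict(authorization):
    """First <allow>/<deny> rule matching anonymous users wins (ASP.NET order)."""
    for rule in authorization:
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if rule.tag in ("allow", "deny") and ("?" in users or "*" in users):
            return rule.tag
    return None

def audit_web_config(xml_text):
    """Return findings; an empty list means both step 3 settings are in place."""
    root = ET.fromstring(xml_text)
    findings = []
    modes = [a.get("mode", "") for sw in _children(root, "system.web")
             for a in _children(sw, "authentication")]
    if modes != ["Windows"]:
        found = ", ".join(modes) or "not set"
        findings.append(f"authentication mode is {found}, expected Windows")
    scopes = _children(root, "system.web")
    for loc in _children(root, "location"):
        if loc.get("path") in (None, "", "."):  # treated here as the site root
            scopes += _children(loc, "system.web")
    verdicts = [_anonymous_verdict(az) for sw in scopes
                for az in _children(sw, "authorization")]
    if "allow" in verdicts:
        findings.append("an <allow> rule admits anonymous users before any <deny>")
    if "deny" not in verdicts:
        findings.append('no <deny users="?"/> rule found for the site root')
    return findings
```

Calling audit_web_config(open("web.config").read()) on the edited file before step 4 shows whether the live site will still accept anonymous requests.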

 

From now on, when authenticated users come to the site, their user accounts are created in the Kentico CMS database automatically and their domain groups are imported as roles into the Kentico CMS database. This means that users and roles are not imported on a regular basis; instead, they are imported when the user comes to the Kentico CMS web site.