EFT Server allows for Single Sign-On (SSO) support for HTTP/S connections when Integrated Windows Authentication (IWA) is explicitly enabled. The change will apply to all Sites in EFT Server that use Active Directory authentication. Currently, Internet Explorer (IE) is the only browser that fully supports IWA. Users connecting with other browsers must still go through the normal login page.
Form-based login as implemented in the normal login page is generally considered superior for interactive user connections because it facilitates true session management. However, IWA is a legitimate alternative for use within internal corporate networks. With IWA enabled, EFT Server defers the user authentication to Active Directory and IE, resulting in a single sign-on user experience. Users whose credentials are accepted by AD are not prompted for a username and password, and are instead logged directly into the EFT Server client web interface without any further input.
The downside to IWA is that in skipping the normal login page, the user misses out on a few of the functions accessed from that page, such as providing alternate credentials or choosing whether to load the Web Transfer Client (WTC), though an administrator may still disable WTC access for an individual user or entire Settings Template if necessary. Additionally, the user must close their browser to end the session rather than using a logout button. In an environment where SSO is a requirement, these functions may not be important or even desired.
As a reminder, when IWA is enabled the SSO functionality will only apply to AD sites for interactive users connecting with IE. No other scenario is affected. To enable this functionality, the following registry entries must be created and set appropriately:
32 bit:
HKLM/SOFTWARE/GlobalSCAPE Inc./EFT Server 4.0/EFTClient/
64 bit:
HKLM/SOFTWARE/Wow6432Node/GlobalSCAPE Inc./EFT Server 4.0/EFTClient/
DWORD: use_registry
1 = enabled
32 bit:
HKLM/SOFTWARE/GlobalSCAPE Inc./EFT Server 4.0/EFTClient/
64 bit:
HKLM/SOFTWARE/Wow6432Node/GlobalSCAPE Inc./EFT Server 4.0/EFTClient/
DWORD: enable_iwa
1 = enabled