Integrated Windows Authentication for Single Sign On (SSO)

EFT Server supports Single Sign-On (SSO) for HTTP/S connections when Integrated Windows Authentication (IWA) is explicitly enabled. Enabling IWA applies to all Sites in EFT Server that use Active Directory authentication. Currently, Internet Explorer (IE) is the only browser that fully supports IWA. Users connecting with other browsers must still go through the normal login page.

Form-based login as implemented in the normal login page is generally considered superior for interactive user connections because it facilitates true session management. However, IWA is a legitimate alternative for use within internal corporate networks. With IWA enabled, EFT Server defers the user authentication to Active Directory and IE, resulting in a single sign-on user experience. Users whose credentials are accepted by AD are not prompted for a username and password, and are instead logged directly into the EFT Server client web interface without any further input.

The downside to IWA is that in skipping the normal login page, the user misses out on a few of the functions accessed from that page, such as providing alternate credentials or choosing whether to load the Web Transfer Client (WTC), though an administrator may still disable WTC access for an individual user or entire Settings Template if necessary. Additionally, the user must close their browser to end the session rather than using a logout button. In an environment where SSO is a requirement, these functions may not be important or even desired.

As a reminder, when IWA is enabled, the SSO functionality applies only to AD Sites for interactive users connecting with IE. No other scenario is affected. To enable this functionality, the following registry entries must be created and set appropriately:

32 bit:

HKLM\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient\

64 bit:

HKLM\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient\

DWORD: use_registry

1 = enabled

32 bit:

HKLM\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient\

64 bit:

HKLM\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient\

DWORD: enable_iwa

1 = enabled
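
One way to create both values from an elevated PowerShell session, as an added example that is not GlobalSCAPE's own code. It assumes it is run on the EFT Server host; the variable names are illustrative, and it opens the 32-bit registry view so that a single code path reaches either of the two locations listed above.

```powershell
# Added example: sets the two DWORD values named on this page and reports
# what was there before, so the change can be recorded or reverted.
$subKey = 'SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient'
$values = 'use_registry', 'enable_iwa'

# The 32-bit registry view resolves to HKLM\SOFTWARE\... on 32-bit Windows
# and to HKLM\SOFTWARE\Wow6432Node\... on 64-bit Windows.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry32)
try {
    # CreateSubKey opens the key for writing and creates it if it is absent.
    $key = $hklm.CreateSubKey($subKey)
    try {
        foreach ($name in $values) {
            $before = $key.GetValue($name, $null)
            $key.SetValue($name, 1, [Microsoft.Win32.RegistryValueKind]::DWord)
            [pscustomobject]@{
                Key      = $key.Name
                Value    = $name
                Previous = if ($null -eq $before) { '(not set)' } else { $before }
                Current  = $key.GetValue($name)
            }
        }
    }
    finally { $key.Close() }
}
finally { $hklm.Close() }
```

Because enabling IWA affects every Site that uses Active Directory authentication, the `Previous` column is worth keeping with the change record.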