Single Sign-On (on-premise)
Single Sign-On requires additional configuration that must be performed by a member of your Information Technology department.
Single sign-on uses the Windows Active Directory to allow a user to by-pass the Login screen using their Windows credentials. When using single sign-on, it’s important to note the following:
- The user currently logged into Windows is the single sign-on user.
- SSO only works from a Windows computer that is logged into the same domain as the LobbyCentral web server.
Configuring Single Sign-On
Before making these changes, be sure that all users are logged out of LobbyCentral.
- Log into Service Center Web with an administrator account.
- Click Tools, Administration.
- In the left menu, click System Options.
- On the Settings tab, enable the box marked ‚Use Single Sign-On.
- Click Save.
Next, you must configure IIS on the web server to use Windows Authentication.
- Open IIS.
- Under Web Sites, expand the Default Web site.
- Right click serviceCenterWeb and choose Properties.
- Click the Directory Security tab.
- In Authentication and Access Control, click Edit.
- Uncheck ‚Enabled Anonymous Access‛
- Check Integrated Windows Authentication‛
- Click OK.
- Click OK to close the properties window.
- Close IIS.
Windows 2008 or Higher
- Open IIS.
- Open Sites and select Default Web site.
- Click serviceCenterWeb
- In the Features view, double-click Authentication.
- On the Authentication page, select Windows Authentication.
- In the Actions pane, click Enable.
- Select Anonymous Authentication.
- Click Disable.
- Save and close IIS.
IMPORTANT: The web server must be in the same domain as the user’s domain. Users must be allowed to access the web server. If not, they will be prompted for a Windows login when accessing the application.
Now that SSO has been enabled, you will need to configure each user account to add the user’s Window’s login:
- Go to User Management.
- Select a user from the list and click Modify.
- In Windows Login, type in the user’s login with domain. For example: CORP\JSMITH
- Click Save.
Users should access Service Center Web as they have in the past. When the user accesses the page, it will detect their Windows login and authenticate it against LobbyCentral’s user database.
- If the Windows login is found, the user is taken directly to the Queue Monitoring page.
- If the Windows login is not found, the user will be taken to the Login page. From here the user can use a LobbyCentral Authentication to log in, or use another domain username and password.
When the user logs out of Service Center Web, they will be taken to the Login page. When the user wishes to log in, they will simply click the One Click Login button. The One Click Login will retrieve the current user’s login.
Logging In As A Different Domain User
If the user wishes to log into Service Center Web with an account other than the current Windows login, click the Logout link to go back to the Login page.
At the login page, type in the domain user’s name and password. If the Windows login is found and the password matches the domain user’s password, the user will be allowed to continue.