Setting up integrated windows authentication

The following guide will assist you in configuring your application to use Integrated Windows Authentication (IWA).

Part 1: Configure the SPN

To ensure kerberos authentication works correctly you'll need to register an SPN for the Access Manager service account.

The SPN must be in the format of HTTP/{dnsName} where {dnsName} is the external-facing DNS hostname used by the clients.

If this SPN is not set correctly, the following warning will appear in the Service account section of the Host configuration page. You can use the "Set SPN..." script to correct the problem.

Part 2: Configure Lithnet Access Manager

!
  1. Open the Lithnet Access Manager Service Configuration Tool

  2. Select the App configuration\User authentication page

  3. Select Integrated windows authentication as the authentication provider

  4. Select Negotiate for the authentication scheme.

To restrict clients to the use of Kerberos only, disable incoming NTLM authentication for the server using group policy.

Last updated

Was this helpful?