Verint | Telligent Community
Verint | Telligent Community
  • Site
  • User
  • Site
  • Search
  • User
Telligent Community 9.x
  • Verint Community
Telligent Community 9.x
User Documentation Windows Authentication
  • Ask the Community
  • User Documentation
  • API Documentation
  • Manager Training
  • Developer Training
  • Tags
  • More
  • Cancel
  • New
  • Telligent Community 9.0
  • -All platform topics
    • +9.0 Release notes
    • +Achievements
    • +Activity Story Stream
    • -Authentication
      • Configure the Cookie Authentication Single Sign-on Client plugin
      • Enable ReCaptcha user validation
      • +Forms Authentication
      • +LDAP authentication
      • +OAuth
      • -Windows Authentication
        • Active Directory group mapping
        • Adding Active Directory groups via LDAP as Telligent Community members
        • Configure Telligent Community in a multi-domain environment
        • Set up AD Role & Profile sync
        • Understanding the ldap.config file
    • +Blogs
    • Calendar
    • +Chat
    • +Content tools
    • Document Preview
    • +Email
    • +Errors & logs
    • Featured content
    • +Forums
    • +Friends
    • +Groups
    • Hashtags
    • +Ideas
    • +Install or Upgrade Telligent Community
    • +Job Service
    • +License
    • Likes
    • +Localization
    • +Media galleries
    • +Members
    • Mentions
    • +Mobile
    • +Moderation, spam and abuse
    • +Notifications & messages
    • +Page Editing
    • +Permissions
    • +Profile & sign-in
    • Quick Post
    • Ratings
    • Responsive design
    • +Roles
    • Rule Automation
    • +Scores
    • +Search
    • +Security
    • +SEO
    • +Site admin
    • +Site configuration
    • Social basics guide
    • Social Twitter feed
    • +Status messages
    • Tags
    • +Telligent Community Troubleshooting Guide
    • +Themes
    • Tour Tips
    • +Tuning & performance
    • +User accounts
    • Video Transcoding
    • +Widgets
    • +Wikis
  • Customization
  • Development
  • Getting started
  • Install/Upgrade and Configure

Windows Authentication

[toc]

We recommend using Windows Authentication if you are configuring Telligent Community within an internal Active Directory.  If you need to authenticate against an external Active Directory, we recommend use SAML with ADFS instead. Your members can then access Telligent Community with the same credentials as they use to login to Windows (and in many cases will be seamlessly logged in).

Once you set up your site with Windows Authentication, it's important to test it from another computer or virtual machine. Occasionally Microsoft IIS can get into an infinite loop when you try to view a Windows Auth protected site from the same computer that is hosting that site.
By default, Telligent Community only allows the most common characters to be used in a user name. Usernames are limited to:
  • Alphanumeric characters (A-z, 0-9)
  • Underscores (_)
  • Hyphens (-)
  • Periods (.)
  • At signs (@)
  • Spaces
If the user names in your Active Directory include characters other than these, you must explicitly configure Telligent Community to allow nonstandard characters in user names.

Configure Telligent Community for Windows Authentication

The Windows SSO Module is configured through the communityserver.config file. As an alternative to directly editing this file (because applying a future upgrade to Telligent Community will wipe out changes), we can make our changes through an external communityserver_override.config file. (Note: Out of the box, Telligent Community does not include a communityserver_override.config file. You need to create and modify this file yourself. A sample is located here.

Enable the Windows Authentication Module

To enable the Windows Authentication module, we'll set the extensionModules's enabled attribute to true by adding an Override entry into the communityserver_override.config file: 

<Override xpath="/CommunityServer/Core/extensionModules"
mode = "change"
name="enabled"
value="true" />

Configure the Windows Authentication Module

The following options may be configured. To configure a particular option, add the provided override into your communityserver_override.config file. If you want to use a different value for the option than used in the example, replace the highlighted section of the overrides with your own value. Copy your changed communityserver_override.config file into your Telligent Job Service directory, overwriting the pre-packaged override file if one exists. The default path for this file is C:\Program Files\Telligent\Job Service.

  1. allowAutoUserRegistration (Default: true)
    Determines whether you want Telligent Community to automatically create new accounts if an authenticated user who doesn't already have an account accesses Telligent Community. To turn this setting off, use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="allowAutoUserRegistration"
    value="false" />
  2. adminWindowsGroupIsSystemAdministrator (Default: true)
    Controls whether members of the Administrators group are automatically treated as administrators by Telligent Community. To turn this setting off, use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="adminWindowsGroupIsSystemAdministrator"
    value="false" />
  3. adminwindowsGroup (Default Administrators)
    If adminWindowsGroupIsSystemAdministrator is set to true, this specifies the role which will be automatically added as an administrator in Telligent Community. To change this role to MyAdministrativeGroup, use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="adminWindowsGroup"
    value="MyAdministrativeGroup" />
  4. stripDomainName (Default: true)
    Windows usernames are normally in the form DOMAIN\UserNameNAME. By default, Telligent Community strips the domain name from a user's username when creating the user. If you do not want to strip the domain name, use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="stripDomainName"
    value="false" />
  5. emailDomain (Default: @TempURI.org)
    Specifies the domain name that is appended to a user's username when creating the user in Telligent Community. To change this to Telligent.com, use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="emailDomain"
    value="@Telligent.com" />
  6. profileRefreshInterval (Default: 7)
    Specifies the interval (in days) after which Telligent Community will refresh users. To change this value to occurring every day (every 24 hours), use the following override:
    <Override xpath="/CommunityServer/Core/extensionModules/add[@name='WindowsAuthentication']"
    mode="change"
    name="profileRefreshInterval"
    value="1" />

Mapping Active Directory groups to Telligent Community roles

If you want to map Active Directory groups to Telligent Community roles, you'll need to configure Active Directory group mappings.

Change the Authentication Mode to Windows

Open up the web.config file and find the line which looks like:

<authentication mode="Forms">

and change it to 

<authentication mode="Windows">

Configure IIS

Internet Information Services (IIS), by default, allows anonymous users to access your community without being required to log in. Disable anonymous authentication within IIS on every web server in your environment, preventing users who aren't already logged into the network from being recognized. You also need to configure IIS to accept Windows credentials:

  1. Open IIS Manager.
  2. Browse to your Telligent Community website in the Connections pane.
  3. In the IIS section of the right pane, in Features View, double-click Authentication.
  4. Disable all authentication types except Windows Authentication, leaving Windows Authentication as the only enabled authentication type.
If you encounter authentication errors when using Windows Authentication against localhost, refer to Microsoft's KB 896861.
 
At this point you can now authenticate against Active Directory.  You can also enable Set up AD Role & Profile sync

Related information

  • Active Directory group mapping
  • Authentication
  • Share
  • History
  • More
  • Cancel
Related
Recommended
  • Telligent
  • Professional Services
  • Submit a Support Ticket
  • Become a Partner
  • Request a Demo
  • Contact Us

About
Privacy Policy
Terms of use
Copyright 2022 Verint, Inc.
Powered by Verint Community