Windows Client Authenticator

The Windows Client Authenticator App for Maverics allows Windows/IIS users to validate their identity to Maverics Orchestrator using their Windows desktop credentials. The Windows Client Authenticator app must be installed on the IIS server. The app can be downloaded from an Environment.

Requirements

To install the Windows Client Authenticator App, you will need:
  • IIS with web server features enabled
  • .NET 7.0.13 Windows Server Hosting bundle (the installer will install the bundle for you if not already installed)
  • Administrator privileges
  • Windows Server 2008 R2 or later

Installation

  1. Run the installer file WindowsClientAuthenticatorAppforMaverics.exe.
  2. Accept the license terms and click Install.
  3. The installer will check for the .NET 7.0.13 Windows Server Hosting bundle. If the bundle is not already installed, it will install it for you. When the hosting bundle dialog appears, accept the installation or repair the system.
  4. Restart the IIS Services.
  5. In the IIS Manager console, Strata Windows Authentication is listed as a site. Complete the following:
     • enable Windows Authentication and disable Anonymous Authentication
     • enable NTLM as the only provider for Windows authentication, and remove Negotiate from the list of Enabled Providers
     • further advanced settings are optional
  6. By default, the Windows Client Authenticator runs on port 80. Strata recommends editing the site binding to use https instead for tighter security.
  7. Add a DNS record for the Windows Client Authenticator App website binding to your Domain Controller.
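
To confirm that the IIS settings from the installation steps were actually applied, the following audit script reads the site's configuration and reports any deviation. It is an added example, not part of the Strata installer or documentation; it assumes the WebAdministration module that ships with IIS and the site name shown in IIS Manager above.

```powershell
# Added audit example (not Strata code). Save as a .ps1 file and run it from an
# elevated PowerShell session on the IIS server. It only reads configuration.
Import-Module WebAdministration

$site   = 'Strata Windows Authentication'   # site name as listed in IIS Manager
$root   = 'MACHINE/WEBROOT/APPHOST'
$auth   = 'system.webServer/security/authentication'
$issues = @()

if (-not (Get-Website | Where-Object { $_.Name -eq $site })) {
    throw "Site '$site' not found in IIS"
}

# Returns $true/$false for the 'enabled' attribute of one authentication scheme.
function Get-AuthEnabled([string]$Scheme) {
    (Get-WebConfigurationProperty -PSPath $root -Location $site `
        -Filter "$auth/$Scheme" -Name enabled).Value
}

# Anonymous Authentication must be off and Windows Authentication on.
if (Get-AuthEnabled 'anonymousAuthentication') {
    $issues += 'Anonymous Authentication is enabled'
}
if (-not (Get-AuthEnabled 'windowsAuthentication')) {
    $issues += 'Windows Authentication is disabled'
}

# NTLM must be the only entry in the Enabled Providers list.
$providers = @((Get-WebConfiguration -PSPath $root -Location $site `
    -Filter "$auth/windowsAuthentication/providers").Collection |
    ForEach-Object { $_.value })
if ($providers.Count -ne 1 -or $providers[0] -ne 'NTLM') {
    $issues += "Enabled providers are [$($providers -join ', ')]; expected NTLM only"
}

# Recommended hardening: https binding only, no plain http binding left behind.
$protocols = @(Get-WebBinding -Name $site | ForEach-Object { $_.protocol })
if ($protocols -contains 'http')     { $issues += 'Site still has an http binding' }
if ($protocols -notcontains 'https') { $issues += 'Site has no https binding' }

if ($issues.Count) {
    $issues | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: '$site' matches the documented authentication and binding settings."
```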

Configuration with Maverics

To configure Windows Client Authenticator with Maverics, you'll need to provide a friendly name for the configuration, and the URL of the hostname binding. Optionally, you can provide the path to your certificate authority, or disable TLS verification for testing purposes only.
See the Windows Client Authenticator Connector for more details on how to configure Maverics to authenticate against the Windows Client Authenticator App.

Testing the installation

  1. From your browser, enter the URL of the Windows Client Authenticator App hostname binding.
  2. At the prompt, enter your Windows credentials for the domain account.
  3. The landing page should reflect your user name.

Configuration with Windows NT LAN Manager (NTLM)

Windows Client Authenticator can be configured to use seamless NTLM authentication so that users only need to enter their credentials once.

Microsoft Edge and Google Chrome

  1. Go to Internet Settings > Local Intranet > Advanced.
  2. Under Add this website to the zone:, add both the Windows Client Authenticator site URL and app URL.

Firefox

  1. Open a new tab and navigate to about:config.
  2. Search for the following parameters and add both the Windows Client Authenticator site URL and app URL (separated by a comma) to all three of them:
     • network.automatic-ntlm-auth.trusted-uris
     • network.negotiate-auth.delegation-uris
     • network.negotiate-auth.trusted-uris
  3. Search for the parameter, signon.autologin.proxy, and change it to true.