MET/TEAM can be configured to use Windows or SAML authentication to bypass the MET/TEAM login screen. The following requirements must be met to use either authentication method with MET/TEAM.
- You must configure IIS to support the correct type of authentication.
- You must Log in to the MET/TEAM application as an admin user or a user that has access to System Defaults.
- To get to the correct System Default, select the Configure menu then System Defaults. The search criteria to use is "login", then click the search icon.
- activate the System Default Login – Use Windows Authentication.
- For Windows Authentication, you must match the MET/TEAM username to the person’s Windows username.
Example: If your domain and user name is \\AcmeManufacturing\JoeCalibration When configuring your user in MET/TEAM, the "Username" needs to be "JoeCalibration". The user record mush be active and correctly configured with the appropriate user groups, "User" at a minimum in order to log in. - For SAML authentication, you must match the MET/TEAM username to the domain email address.
Configuring IIS as described below, will allow all major browsers to handle NTLM authentication and to automatically log you in.
- Open IIS
- Find your site in the list
- Double click “Authentication”
- Disable Anonymous Authentication
- Disable Form Authentication
- Disable ASP.NET Impersonation
- Disable Basic Authentication
- Enable Windows Authentication
- Under “Advanced Settings”…
- Verify that “Enable Kernel-mode authentication” is selected
- Make sure the “Extended Protection” setting is set to “Off” if using MET/CAL
- Close IIS
With this setting enabled, MET/TEAM will require browsers to do a windows NTLM negotiation before accessing the website.
Note: All client computers will have to be on the associated domain to access MET/TEAM.
To Turn Off Windows Authentication:
- First ensure at least one user belonging to the "Administrator" group has a known username and MET/TEAM password before starting this process.
- Log into MET/TEAM, click Setup-->Users and locate the desired user
- Note and/or update the "Username" for use later
- Click the [Change] button under the "Password" caption and in the pop up, enter the desired "New password" and click save
NOTE: Any user can change their password during the log in process as long as they know their current password which was just set, so this new password doesn't have to be permanent. - Repeat steps above for as many users as desired, closing the User page when finished
- Disable the "Login - Use Windows Authentication" system default
- If you have access to the MET/TEAM interface click Configure--> System Defaults then locate inactivate and save the "Login - Use Windows Authentication" system default
- If you don't have access to the MET/TEAM interface run the following SQL Server script on your METTEAM database:
UPDATE SystemDefaults
SET lActive = 0,
cValue = '(none)'
WHERE cProperty = 'Login - Use Windows Authentication'
- Next we need to reconfigure the website settings...
- On the server, open IIS
- Find your site in the list
- Double click “Authentication”
- Enable Anonymous Authentication.
- Disable the four other options
- Restart the METTEAM Application Pool and METTEAM website in IIS
- Navigate to the MET/TEAM website and clear your cache by pressing the [Ctrl]+[F5] keys and log in with the MET/TEAM user name and password to confirm Windows authentication is now disabled.
Steps 3 - 10 need to be repeated if you are also using Customer Portal with windows authentication.