Views:

MET/TEAM can be configured to use Windows or SAML authentication to bypass the MET/TEAM login screen. The following requirements must be met to use either authentication method with MET/TEAM.

  1. You must configure IIS to support the correct type of authentication.
  2. You must Log in to the MET/TEAM application as an admin user or a user that has access to System Defaults.
  3. To get to the correct System Default, select the Configure menu then System Defaults.  The search criteria to use is "login", then click the search icon. 
  4. activate the System Default Login – Use Windows Authentication.
    mceclip1.png
  5. For Windows Authentication, you must match the MET/TEAM username to the person’s Windows username.  
    Example:  If your domain and user name is \\AcmeManufacturing\JoeCalibration   When configuring your user in MET/TEAM, the "Username" needs to be "JoeCalibration".  The user record mush be active and correctly configured with the appropriate user groups, "User" at a minimum in order to log in. 
  6. For SAML authentication, you must match the MET/TEAM username to the domain email address.

Configure IIS (Windows Authentication)

Configuring IIS as described below, will allow all major browsers to handle NTLM authentication and to automatically log you in.

  1. Open IIS
  2. Find your site in the list
  3. Double click “Authentication”
  4. Disable Anonymous Authentication
  5. Disable Form Authentication
  6. Disable ASP.NET Impersonation
  7. Disable Basic Authentication
  8. Enable Windows Authentication
    • Under “Advanced Settings”…
    • Verify that “Enable Kernel-mode authentication” is selected
    • Make sure the “Extended Protection” setting is set to “Off” if using MET/CAL
  9. Close IIS

With this setting enabled, MET/TEAM will require browsers to do a windows NTLM negotiation before accessing the website.

To Turn Off Windows Authentication:

  1. Open IIS
  2. Find your site in the list
  3. Double click “Authentication”
  4. Enable Anonymous Authentication.
  5. Disable the four other options
  6. Run the following SQL Server script on your METTEAM database:

    UPDATE SystemDefaults
    SET lActive = 0,
    cValue = '(none)'
    WHERE cProperty = 'Login - Use Windows Authentication'

  7. Restart the METTEAM Application Pool and METTEAM website in IIS

Note: All client computers will have to be on the associated domain to access MET/TEAM.

 

Keywords: METTEAM, login, windows_authentication, windows authentication, SAML, SSO, Single Sign On