Configuring Web Browsers for Automatic Authentication
Here’s a trick that I’ve found not that many people are aware of. If you use Windows Authentication for your security, your users may be prompted with a login box when accessing MicroStrategy. While they can type in their network credentials into this box, this acts as a saved password. When the user changes their network password at regular intervals, this can then result in failed login attempts and occasionally even lock them out of the network all together. I think the reason you want to use Windows Authentication in the first place is to leverage single sign on and avoid the whole login/password screen in the first place. Today I’ll show you a few tricks you can do to configure each browser to automatically login to MicroStrategy without the need for those popups.
Why do they do this?
The web is a dangerous place, and your web browser does everything it can to protect you. Each handles it differently and comes with various levels of trust settings. In this particular case, the browser may not want to share your network credentials with an untrusted website. So what we have to do is tell the browser to trust your MicroStrategy site. This trick isn’t specific just to MicroStrategy, but to any site that uses Windows Authentication, including other applications on your internal network such as SharePoint or custom internal applications.
Internet Explorer
Internet Explorer will usually automatically do this for you, however depending on how you’ve setup your IIS, it may think your site is on the Internet instead of the Intranet (external vs internal). I have this setup in my environment, so in case you run into that login popup, you can apply these settings to configure Internet Explorer to consider your site safe and internal.
- Click on the Tools button and go to Internet Options.
- Click on the Security tab and click on Local Intranet and Sites.
- Click on Advanced.
- Add the URL of your site to this trusted list. You can use * as a wildcard if you’d like to make it more generic for other websites in your organization.
Firefox
Firefox does not pass Windows Authentication credentials by default, so you’ll always have to perform these steps if you want to use this browser.
- Navigate to the url: about:config
- Click the button I’ll be careful, I promise!
- Type in the filter box: network.auto and double click network.automatic-ntlm-auth.trusted-uris
- Add the URL of your site to this trusted list. You can use * as a wildcard if you’d like to make it more generic for other websites in your organization.
Chrome
With Google Chrome (after version 5.0), it just works on it’s own and you don’t have to enable anything. At least, it has for me in my environment, so if anyone has a scenario where it doesn’t and wants to share the steps to enable it, I’d be happy to modify this post with those instructions.
Hi All,
I want to implement Single Sign On to MSTR environment. Users can login to MSTR through VDI. I have implemented Single Sign on earlier so I am confident about it but can someone guide me that what additoinal steps needs to be performed in order to do it for the users’ access through VDI.
Regards,
Usman Farooqi