Skip navigation FileNet logo
Glossary  |  Help Directory  
  Help for Process Engine Administration
  Search  |  Index
Process Reference  
Process Engine Administration
Workflow administration tasks
System administration tasks
  Configuring the Process Engine
  Configuring users and groups (Workplace)
  Configuring users and groups (Open Client/FileNet Web Services Client)
    Defining users
    Eliminating multiple logons
    Configuring shared logon
    Configuring unified logon
    Configuring LDAP logon (Open Client)
    Changing the fnsw password
    Modifying the user cache refresh rate (FileNet Web Services Client)
  Configuring optional features
  Running the Process Engine
  Improving system performance
  Troubleshooting
   

Configuring unified logon

The unified logon option allows you to create identical user definitions in Image Services (IS) and Content Services (CS) systems, based on the existing Windows domain user and group information. Once the user successfully logs on to a domain, the user is allowed access to both the Process Engine (via the IS security system) and the CS security system without an additional logon.

NOTE The unified logon option only works with Internet Explorer browsers.

FileNet provides utilities to export user information from the Windows domain and import the information into the IS security system. You can also import Windows domain user and group information into the CS security system.

To enable unified logon, you must:

Importing users from the Windows domain to Content Services

On the Windows server that hosts the CS library, perform the following steps to import Windows domain users:

  1. Log on to the Windows domain from which you will import users. You must log on as an Administrator of the domain.
  2. Select CS Configuration from the Windows Control Panel.
  3. Select the WinNT/Win2000 User Import tab.
  4. From the NT Domain/Group Selection list box, select the domain from which to import the users.
  5. Select the desired groups from the Available Groups list box. The process imports only the user names contained in the groups—it does not import passwords.
  6. Repeat steps 3 and 4 to import additional domain groups.
  7. If you want the import process to run regularly, check the Enable user import box. The Run Settings values (Interval and Offset) specifies how often the import runs. Running the import process regularly enables you to update Content Services with changes made to the Windows domain user accounts since the last import.
  8. If the newly imported users need to add documents to the library, right-click on each selected group and choose Group Defaults. Check the Add items box if necessary.

NOTE If the import process encounters duplicate account names in the selected domain groups—for example, Accounting\jsmith and HumanResources\jsmith—only the first imported domain name is assigned to the user. The user must log on to the first imported domain, otherwise the log on fails.

NOTE If you make modifications to the CS user’s group membership after importing, set the user’s Imported User property to No. If you don’t, subsequent synchronizations override any modifications you make to the user’s group membership.

Importing users from the Windows domain to Process Engine

On the Process Engine, export user and group names from the Windows domain, and then import them into the Image Services security system. See "SEC_imp" in the Image Services System Tools Reference Manual, which is available on the FileNet web site at http://www.css.FileNet.com. Once you log on to the site, proceed to Product Tech Info > Image Manager (IM) > Image Services (IS) > Product Documentation and select the appropriate version link for your system.

Configuring the FileNet Web Services Client

On the web server on which FileNet Web Services Client is installed, perform the following steps.

NOTE The web server must be a part of the same Windows domain from which you imported the users and groups.

  1. Configure the Internet Service Manager
    1. Start the Internet Service Manager (IIS).
    2. Right-click on Default Web Site, and select Properties from the context menu.
    3. From the Directory Security tab, click Edit in the Anonymous Access and Authentication Control box.
    4. Uncheck the Anonymous Access box.
    5. Verify that the Integrated Windows Authentication box is checked.
    6. Click OK and then click OK again .
    7. (For ActiveX Client) Navigate to the IDMWS/Redist/WF_Extras folder.
      ( For Open Client) Navigate to the [virtual directory]/eProcess/download folder, where [virtual directory] is the name you assigned to the IIS virtual directory for Open Client.
    8. Right-click on the folder and select Properties from the context menu.
    9. From the Directory Security tab, click Edit in the Anonymous Access and Authentication Control box.
    10. Check the Anonymous Access box.
    11. Click OK and then click OK again.
    12. Exit Internet Service Manager.
  2. Configure the Local Security Settings.
    1. From the Start menu, select Administrative Tools/Local Security Policy.
    2. Select Local Policies/User Rights Assignment in the Tree pane.
    3. Double-click on the Log on locally policy. In the window that appears, click the Add button to add the desired users.
    4. Click OK and then click OK again.
    5. Exit the Local Security Setting dialog.
  3. Configure FileNet Web Services Client.
    1. From the Start menu, select FileNet IDM\Configure.
    2. Click Additional Preferences.
    3. In the IDM Preferences dialog box, expand the Libraries node.
    4. Expand the node for the desired library, and set Use operating system credentials for logon to Yes.

      NOTE Setting this option to No prevents access to the CS and IS libraries via the unified logon option. It does not, however, affect the logon behavior of the Process applications. Once unified logon has been configured, the Process applications always try the operating system credentials first, and only prompt for login information if the operating system credentials do not match the name used in the IS security system.
    5. Click OK and then Close.