The unified logon option allows you to create
identical user definitions in Image Services
(IS) and Content Services (CS) systems, based
on the existing Windows domain user and group
information. Once the user successfully logs
on to a domain, the user is allowed access to
both the Process Engine
(via the IS security system) and the CS security
system without an additional logon.
NOTE The
unified logon option only works with Internet
Explorer browsers.
FileNet provides utilities to export user information
from the Windows domain and import the information
into the IS security system. You can also import
Windows domain user and group information into
the CS security system.
Importing users from the
Windows domain to Content Services
On the Windows server that hosts the CS library,
perform the following steps to import Windows
domain users:
Log on to the Windows domain from which
you will import users. You must log on as
an Administrator of the domain.
Select CS Configuration from the Windows
Control Panel.
Select the WinNT/Win2000 User Import tab.
From the NT Domain/Group Selection list
box, select the domain from which to import
the users.
Select the desired groups from the Available
Groups list box. The process imports only
the user names contained in the groupsit
does not import passwords.
Repeat steps 3 and 4 to import additional
domain groups.
If you want the import process to run regularly,
check the Enable user import box. The Run
Settings values (Interval and Offset) specifies
how often the import runs. Running the import
process regularly enables you to update Content
Services with changes made to the Windows
domain user accounts since the last import.
If the newly imported users need to add
documents to the library, right-click on each
selected group and choose Group Defaults.
Check the Add items box if necessary.
NOTE If
the import process encounters duplicate account
names in the selected domain groupsfor
example, Accounting\jsmith and HumanResources\jsmithonly
the first imported domain name is assigned to
the user. The user must log on to the first
imported domain, otherwise the log on fails.
NOTE If
you make modifications to the CS users
group membership after importing, set the users
Imported User property to No. If you dont,
subsequent synchronizations override any modifications
you make to the users group membership.
Importing users from the
Windows domain to Process Engine
On the Process Engine,
export user and group names from the Windows
domain, and then import them into the Image
Services security system. See "SEC_imp"
in the Image Services System Tools Reference
Manual, which is available on the FileNet
web site at http://www.css.FileNet.com.
Once you log on to the site, proceed to Product
Tech Info > Image Manager (IM) > Image
Services (IS) > Product Documentation and
select the appropriate version link for your
system.
Configuring the FileNet Web Services Client
On the web server on which FileNet Web Services Client
is installed, perform the following steps.
NOTE The
web server must be a part of the same Windows
domain from which you imported the users and
groups.
Configure the Internet Service Manager
Start the Internet Service
Manager (IIS).
Right-click on Default
Web Site, and select Properties
from the context menu.
From the Directory Security
tab, click Edit
in the Anonymous
Access and Authentication Control
box.
Uncheck the Anonymous
Access box.
Verify that the Integrated
Windows Authentication box is checked.
Click OK
and then click OK
again .
(For ActiveX Client) Navigate
to the IDMWS/Redist/WF_Extras folder.
( For Open Client) Navigate to the [virtual
directory]/eProcess/download folder, where
[virtual directory] is the name you assigned
to the IIS virtual directory for Open
Client.
Right-click on the folder and select
Properties
from the context menu.
From the Directory Security
tab, click Edit
in the Anonymous
Access and Authentication Control
box.
Check the Anonymous
Access box.
Click OK
and then click OK
again.
Exit Internet Service Manager.
Configure the Local Security Settings.
From the Start menu, select
Administrative Tools/Local Security Policy.
Select Local Policies/User
Rights Assignment in the Tree pane.
Double-click on the Log
on locally policy. In the window
that appears, click the Add
button to add the desired users.
Click OK
and then click OK
again.
Exit the Local Security Setting dialog.
Configure FileNet Web Services Client.
From the Start menu, select
FileNet IDM\Configure.
Click Additional
Preferences.
In the IDM Preferences dialog
box, expand the Libraries
node.
Expand the node for the desired library,
and set Use
operating system credentials for logon
to Yes.
NOTE Setting
this option to No prevents access to the
CS and IS libraries via the unified logon
option. It does not, however, affect the
logon behavior of the Process applications.
Once unified logon has been configured,
the Process applications always try the
operating system credentials first, and
only prompt for login information if the
operating system credentials do not match
the name used in the IS security system.