User Sources and Classic Authentication

Active Directory User Source

caution

The SSO Enabled setting was removed and deprecated in 8.1.17 to protect against a potential security vulnerability. While the property is still visible, it cannot be enabled without setting a special system property. This is not recommended.

Active Directory Deprecated Properties

Name	Description
SSO Enabled	Whether or not to use Single-Sign-On (SSO) to authenticate AD users, giving the ability to automatically log into the Client or Designer when already logged into Windows. For Client SSO login, each project must also have the SSO Login Project Property enabled. For Designer SSO login, Allow Designer SSO must be set in the Gateway General Security Settings.

Enable the Legacy Ignition Windows Active Directory Single Sign On

caution

This is not recommended for most environments and is associated with a known vulnerability.

The SSO feature can be re-enabled by adding an additional system property to the ignition.conf file located in the Ignition install directory and then restarting the Ignition service. Check the corresponding User Manual page for more information on the file's location:

• 7.9 location here
• 8.1 location here

The system property can be defined under the Java Additional Parameters section by adding the following:

wrapper.java.additional.X=-Dignition.enableInsecureAdSso=true

note

Make sure to replace the trailing "X" of the prefix "wrapper.java.additional.X" with the appropriate value that follows the ascending numerical order of the parameter list. See user manual page on Changing Java Additional Parameters for examples.

See the Active Directory SSO Disabled for 8.1.17 & 7.9.20 article for more information.