Skip to main content
Version: Deprecated Pages

User Sources and Classic Authentication

Active Directory User Source


The SSO Enabled setting was removed and deprecated in 8.1.17 to protect against a potential security vulnerability. While the property is still visible, it cannot be enabled without setting a special system property. This is not recommended.

Active Directory Deprecated Properties

SSO EnabledWhether or not to use Single-Sign-On (SSO) to authenticate AD users, giving the ability to automatically log into the Client or Designer when already logged into Windows.
  • For Client SSO login, each project must also have the SSO Login Project Property enabled.
  • For Designer SSO login, Allow Designer SSO must be set in the Gateway General Security Settings.
  • Enable the Legacy Ignition Windows Active Directory Single Sign On


    This is not recommended for most environments and is associated with a known vulnerability.

    The SSO feature can be re-enabled by adding an additional system property to the ignition.conf file located in the Ignition install directory and then restarting the Ignition service. Check the corresponding User Manual page for more information on the file's location:

    The system property can be defined under the Java Additional Parameters section by adding the following:


    Make sure to replace the trailing "X" of the prefix "" with the appropriate value that follows the ascending numerical order of the parameter list. See user manual page on Changing Java Additional Parameters for examples.

    See the Active Directory SSO Disabled for 8.1.17 & 7.9.20 article for more information.