SDL Tridion Docs 14SP2 - Windows Authentication setup

The default identity provider for SDL Tridion Docs is ISHSTS (InfoShare Security Token Service). After installation, SDL Tridion Docs can instead be configured to authenticate users through the customer's own STS or through Windows Authentication. This post explains the steps to integrate SDL Tridion Docs with Windows Authentication; a follow-up article will cover the SSO/ADFS setup for SDL Tridion Docs.

Tridion Docs Prerequisites

  • The SDL Tridion Docs server must be joined to the Windows Active Directory domain whose accounts will log in
  • The IIS Windows Authentication feature must be enabled

Step 1: Configure the application server for Lightweight Windows Authentication

  1. RDP to the server where SDL Tridion Docs is installed.
  2. Back up the whole InfoShare folder and take a database backup.
  3. Locate the PowerShell script SDL.ISH-ISHSTS-Configure for Windows Authentication.ps1 in the folder \InfoShare\App\Setup\STS\ISHSTS\Scripts.
  4. Open PowerShell with elevated privileges (Run as Administrator). If the PowerShell session is not running with administrator privileges, the script launches a new session and prompts the user for administrator privileges.
  5. This task requires a PowerShell session whose execution policy is set to Unrestricted.
    • If it is not set, set it permanently by executing the following:
      Set-ExecutionPolicy Unrestricted
  6. Navigate to the script folder \InfoShare\App\Setup\STS\ISHSTS\Scripts:
      cd \InfoShare\App\Setup\STS\ISHSTS\Scripts
  7. Execute the script SDL.ISH-ISHSTS-Configure for Windows Authentication.ps1. Because the file name contains spaces, quote the path and invoke it with the call operator (a bare .\SDL.ISH-ISHSTS-Configure for Windows Authentication.ps1 does not parse):
      cd \InfoShare\App\Setup\STS\ISHSTS\Scripts
      & '.\SDL.ISH-ISHSTS-Configure for Windows Authentication.ps1'
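The prerequisite checks and Step 1, gathered into one script. This is an added example, not a script from SDL or from the original post: it verifies elevation, domain membership and the IIS feature before running the vendor script, and it sets the execution policy for the current process only instead of machine-wide (a deliberate departure from the permanent setting the step above describes; the vendor script may relaunch itself if it is not elevated, which is why elevation is checked first). The install root C:\InfoShare is an assumption; adjust $installRoot for your deployment.

```powershell
# Added example (not vendor code). Prerequisite checks for Step 1, then the
# vendor script invocation. $installRoot is an assumption; change it as needed.
$installRoot = 'C:\InfoShare'
$scriptDir   = Join-Path $installRoot 'App\Setup\STS\ISHSTS\Scripts'
$scriptName  = 'SDL.ISH-ISHSTS-Configure for Windows Authentication.ps1'

# 1. The session must already be elevated. If it is not, the vendor script
#    spawns a new session, and a process-scoped execution policy would not
#    carry over into it.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open this PowerShell session with "Run as Administrator" and rerun.'
}

# 2. Prerequisite: the server is joined to the Active Directory domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "Server $($cs.Name) is not domain-joined; Windows Authentication needs AD accounts."
}
Write-Host "Server $($cs.Name) is a member of domain $($cs.Domain)"

# 3. Prerequisite: the IIS Windows Authentication feature is installed.
$feature = Get-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication
if ($feature.State -ne 'Enabled') {
    throw 'IIS-WindowsAuthentication is not enabled; enable it first (see Step 3).'
}

# 4. The vendor script needs an Unrestricted execution policy. Scoping it to
#    this process satisfies the requirement without changing the policy that
#    every other script on the server runs under.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 5. Run the vendor script. The file name contains spaces, so the path is
#    passed as a single string through the call operator.
$scriptPath = Join-Path $scriptDir $scriptName
if (-not (Test-Path -LiteralPath $scriptPath)) {
    throw "Vendor script not found: $scriptPath"
}
Set-Location -LiteralPath $scriptDir
& $scriptPath
```

Because the policy is process-scoped, closing the window returns the server to its previous execution policy; if a later step opens a fresh session, repeat the Set-ExecutionPolicy line there.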

Step 2: Configure the Content Manager to switch internal accounts to Windows AD accounts

In the Content Manager, set the following for each user account that should log in with Windows Authentication:
  • User type: "External"
  • External ID: the AD login user name (for example, domain\velmurugan)

Step 3: Enable Windows Authentication

  1. Open PowerShell in administrator mode and run the script below:
# Ensure the IIS Windows Authentication feature is enabled
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication

# Switch the ISHSTS authentication type to Windows
# (Set-ISHSTSConfiguration is provided by the ISHDeploy PowerShell module)
$deploymentName = "InfoShare"
Set-ISHSTSConfiguration -ISHDeployment $deploymentName -AuthenticationType "Windows"
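A way to confirm what Step 3 produced at the IIS level, as an added example that is not part of the original post or of ISHDeploy. It assumes the ISHSTS application is hosted at "Default Web Site/InfoShareSTS" ($sitePath); adjust it to your deployment. It reads the authentication settings through the WebAdministration module and reports whether Windows Authentication is on, whether anonymous access is still open on the STS endpoint, and which providers are offered (Negotiate first means Kerberos is attempted before falling back to NTLM).

```powershell
# Added example (not vendor code): verify the IIS authentication state of the
# STS application after Step 3. $sitePath is an assumption for this example.
Import-Module WebAdministration

$sitePath = 'IIS:\Sites\Default Web Site\InfoShareSTS'
$authBase = 'system.webServer/security/authentication'

function Get-AuthEnabled([string]$Module) {
    # Returns $true/$false for the given IIS authentication module on $sitePath.
    (Get-WebConfigurationProperty -PSPath $sitePath -Filter "$authBase/$Module" -Name enabled).Value
}

$windowsOn   = Get-AuthEnabled 'windowsAuthentication'
$anonymousOn = Get-AuthEnabled 'anonymousAuthentication'

# Provider order: Negotiate ahead of NTLM lets domain clients use Kerberos.
$providers = (Get-WebConfigurationProperty -PSPath $sitePath `
    -Filter "$authBase/windowsAuthentication" -Name providers).Collection |
    ForEach-Object { $_.value }

[pscustomobject]@{
    Application       = $sitePath
    WindowsAuth       = $windowsOn
    AnonymousAuth     = $anonymousOn
    Providers         = ($providers -join ', ')
} | Format-List

if (-not $windowsOn) {
    Write-Warning 'Windows Authentication is not enabled on the STS application.'
}
if ($anonymousOn) {
    Write-Warning 'Anonymous access is still enabled on the STS application; with Windows Authentication in use it is normally turned off.'
}
```

Run it after an IIS reset so the values reflect the configuration ISHDeploy wrote, and rerun it after any later change to the site.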

Note:

If the database is SQL Server and the connection string uses integrated authentication, the computer account of the application server must be granted permissions on the database, because that is the identity the application pool presents to SQL Server.
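One way to carry out that grant from the application server, as an added example that is not from the original post or the vendor documentation. It assumes the SqlServer PowerShell module is installed, and $sqlInstance, $database and $computerAccount are placeholders (the computer account takes the form NETBIOSDOMAIN\SERVERNAME$). The two database roles granted are placeholders as well: grant the roles the Tridion Docs documentation prescribes for the content database rather than defaulting to db_owner.

```powershell
# Added example (not vendor code): create a login for the application server's
# computer account and map it into the Content Manager database.
# All three values below are placeholders for this example.
Import-Module SqlServer

$sqlInstance     = 'SQLHOST\INSTANCE'
$database        = 'InfoShareDB'
$computerAccount = 'DOMAIN\APPSERVER$'

# T-SQL is idempotent: nothing is recreated if the login or user already exists.
# The roles are placeholders; use the ones the product documentation requires.
$tsql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$computerAccount')
    CREATE LOGIN [$computerAccount] FROM WINDOWS;
USE [$database];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$computerAccount')
    CREATE USER [$computerAccount] FOR LOGIN [$computerAccount];
ALTER ROLE db_datareader ADD MEMBER [$computerAccount];
ALTER ROLE db_datawriter ADD MEMBER [$computerAccount];
"@

# Runs under the current Windows identity, which must hold ALTER ANY LOGIN on
# the instance and sufficient rights in the database.
Invoke-Sqlcmd -ServerInstance $sqlInstance -Query $tsql

# Read back the memberships so the grant can be checked and recorded.
$check = @"
SELECT r.name AS role_name
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'$computerAccount';
"@
Invoke-Sqlcmd -ServerInstance $sqlInstance -Database $database -Query $check |
    Format-Table -AutoSize
```

If the STS and the Content Manager run on different servers, each server's computer account needs its own login; the snippet is run once per account.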

Configuring the Content Manager SQL Server database for Windows Authentication


References
SDL Documentation
PS Documentation

I hope this helps. If you have any questions about this post, ask them on Tridion StackExchange.