Cannot authenticate to web portal from an untrusted domain (4349426)

Cannot authenticate to web portal from an untrusted domain

The configuration parameter “TargetSystem\ADS\AuthenticationDomains\AuthenticationDomains" is already configured with two domains, e.g.: "domain1 | domain2".

Website Configuration is set to use “Active Directory user account (manual input/role based)”

The user account is Fully Managed and linked to an Employee record.

The user receives the message:

"An error has occurred."

"You are not authorized to use the database”

What setting could be missing?

The user is in a domain that is untrusted by the domain where the web server resides.

Please also see Knowledge Article 109531, Login error: "You are not authorized to use this database" when logging in to IT Shop, as this can also result due to configuration issues.

At least a one-way trust is required when accessing the web portal and using the AD authentication modules.

For example, when a user from an untrusted domain, to that on which the IIS server resides, attempts to log in to IT Shop, the authentication will fail.

Basically, if the user cannot authenticate to IIS, then the authentication won't work, because there is no trust.

In this case the domain where the user resides, let's assume Domain A, needs to be trusted by the domain where the web server resides, let's assume Domain B.  For this to work a trust direction from Domain B to Domain A will be required.