Single Sign-On is possible for the One Identity (1IM) Web Portal (IT Shop)
if the following conditions are met:
1. The configuration parameter
TargetSystem\ADS\AuthenticationDomains contains a valid value, e.g. domain.com.
In
Designer select
Getting Started then
Edit configuration parameters:![](https://prod-support-images-cfm.s3.amazonaws.com/KB_1-4SPFQQM_config.png)
2. The appropriate Authentication Module, i.e.
Active Directory user account (role based), is enabled.
In
Designer select
Base Data, expand
Security settings and select
Authentication modules:
![](https://prod-support-images-cfm.s3.amazonaws.com/KB_1-4SPFQQM_auth.png)
3.
Anonymous Authentication for the web site is disabled in IIS:
![](https://prod-support-images-cfm.s3.amazonaws.com/KB_1-4SPFQQM_authentication.png)
4. The logged in user, e.g. logged in to a Windows system, has a valid ADSAccount and role-based Employee in the 1IM database, e.g.:
![](https://prod-support-images-cfm.s3.amazonaws.com/KB_1-4SPFQQM_emp.png)
5. It may be necessary to update Internet Explorer to use the
Automatic logon with current username and password option.
![](https://prod-support-images-cfm.s3.amazonaws.com/KB_1-4SPFQQM_IE.png)
6. It is assumed the 1IM web portal is configured correctly and the appropriate Authentication module is selected in the web.config.