Within the Agent Guidance Application, authentication is used to identify the end-user upon accessing the website, and for all external queries (database queries, local & remote file access) executed in processing the user's actions. Authentication options both for communicating with the website, and for the website undertaking actions on a user's behalf, are configured separately as defined in User Access Authentication & Website Resource Access. The authentication options available within Agent Guidance are handled by standard Microsoft IIS authentication processes.
Windows Authentication Process
When Windows Authentication is in use, Agent Guidance resolves the user's Windows identify through Microsoft IIS' built-in functionality to a Windows security principal. This security principal can then be utilised for accessing the website, database, or other resources. Microsoft IIS supports the full range of Microsoft Active Directory permission structures, and can resolve users and their security group memberships across trusted domains, and in the 3 security group scopes: Universal, Global, and Domain Local.
While Agent Guidance utilises IIS to resolve the user's Windows identity, once authenticated for resource access the user is matched to a Agent Guidance user by username alone. For example, in the case of multiple users on different domains all having resource access to the Agent Guidance website and database, e.g. Domain1.JohnDoe and Domain2.JohnDoe, Agent Guidance will log both people in as the same JohnDoe user.
For this reason, care must be taken when a trusted or forested domain relationship is being utilised to avoid any duplicate usernames across the Active Directory structure(s) for users of Agent Guidance.
Single Sign On
Single Sign On (SSO) support was added to Agent Guidance in version 4.6.43, and requires a Forms Authentication installation. For the purposes of this guide, all SSO-related points should be referenced to the relevant Forms Authentication information.
For further information on configuring and using SSO in Agent Guidance, please refer to the Single Sign On article.
