Configure Insight for Windows Authentication
Use the procedure in this section to configure Kofax Insight for Windows Authentication.
Before configuring Insight, select Windows authentication in IIS for the web application (default website).
- Navigate to .
- In the navigation panel, click Authentication.
-
Click the
Authentication Method tab and select the following:
- User properties are obtained from the environment: Windows
- And then user roles and access rights are determined by comparing these values to: Fixed values
-
User Identifier (UID): Specify a way to get the user's ID. The ID should be constant for a
specific user's login. Usually, it is a session property (Identity) that looks to the Active Directory domain and user name.
- In the navigation panel, click User mapping.
- On the User Mapping tab for User Identifier (UID), set the "Session property" to Identity.
-
Set session properties for
User Name and
Email.
-
On the
User Mapping tab for
User Name, set the
"Session property" to
FullName.
User Name is the display name of a user account. Usually, it is one of the Active Directory properties, such as Identity, name, FullName, displayName or another convenient property. Your Domain Admin can provide all available Active Directory properties.
-
On the User Mapping tab for Email, set the
"Session property" to
Email Address.
Email is the email address of the user account. It is used for self-subscriptions only. Usually, it is the Active Directory property mail or Email Address. Your Domain Admin can provide you with all available Active Directory properties.
-
On the
User Mapping tab for
User Name, set the
"Session property" to
FullName.
Mapping Roles
Roles define a set of predefined Admin settings such as the theme, date format, etc. Also, roles define specific access rights to projects and dashboard views. It's necessary to describe mapping rules for each role. Usually, the Active Directory property memberOf is used. In the sample illustration, users with the Active Directory property memberOf, including the admin, are assigned to the KAFK admin role. Your Domain Admin can provide you with all available Active Directory properties.
Each row in the mapping grid uses the AND operand. If multiple roles on the Roles list match conditions for a user account, the access rights are merged from all matching roles, while other settings (such as the theme or date format) are assigned by the top matching role on the list.