Matrix42 Self-Service Help Center

HowTo: Set up SSO with your Active Directory (using NTLM)

Summary

Explains how to set up single sign-on with your Windows accounts for MyWorkspace using your on-premises Active Directory.

Goal

This article assumes that you have already installed and configured a connector for your on-premises Active Directory. If you have not, please refer to "Video: How to integrate Active Directory".

In addition, the email address associated with your Windows account must match the email address of your Matrix42 Account.

First Step

Start by allowing MyWorkspace to use Windows integrated authentication. MyWorkspace uses Matrix42 Accounts for authentication, so you need to add https://accounts.matrix42.com to your trusted URIs. The required steps differ between browsers. Instructions for the major ones follow.

Internet Explorer and Chrome

  1. Open the "Internet Options" window (e.g. by opening Internet Explorer and selecting "Internet Options" from the "Extras" menu).
  2. Navigate to the "Security" tab.
  3. Click "Local Intranet", "Sites" and "Advanced", one after another.
  4. Enter "https://accounts.matrix42.com" (without the quotes) and click "Add".
  5. Close all windows and save the settings.

Edge

  1. Open the "Control Panel" window.
  2. Open "Internet Options".
  3. Navigate to the "Security" tab.
  4. Click "Local Intranet", "Sites" and "Advanced", one after another.
  5. Enter "https://accounts.matrix42.com" (without the quotes) and click "Add".
  6. Close all windows and save the settings.
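
The Internet Options steps above store a per-user Local Intranet zone mapping in the registry, and sites in that zone can receive automatic Windows logon, so the mapping should cover only the exact host over HTTPS. The following PowerShell is an added example, not part of the original article or Matrix42's tooling; it sets that mapping for the current user and lists every mapping under the domain so that broader entries stand out. The variable names and the `Get-ZoneMappings` helper are illustrative assumptions.

```powershell
# Added example (not Matrix42 code): map one exact host to the Local Intranet
# zone for the current user, then review everything mapped under that domain.
$ErrorActionPreference = 'Stop'

$domain    = 'matrix42.com'   # registrable domain of the URL from the article
$subdomain = 'accounts'       # host label of the URL from the article
$scheme    = 'https'          # map HTTPS only, never 'http' or '*'
$intranet  = 1                # zone 1 = Local Intranet

$zoneMap   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$domainKey = Join-Path $zoneMap $domain
$hostKey   = Join-Path $domainKey $subdomain

# Create the host key if it is missing and set the per-scheme zone value.
if (-not (Test-Path $hostKey)) { New-Item -Path $hostKey -Force | Out-Null }
New-ItemProperty -Path $hostKey -Name $scheme -Value $intranet `
    -PropertyType DWord -Force | Out-Null

# Hypothetical helper: return every scheme-to-zone value under a ZoneMap key.
function Get-ZoneMappings {
    param([Parameter(Mandatory)][string]$Root)
    $keys = @(Get-Item -Path $Root) + @(Get-ChildItem -Path $Root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key    = $key.PSChildName
                Scheme = $name
                Zone   = $key.GetValue($name)
            }
        }
    }
}

# Anything other than accounts / https / zone 1 is marked for review, for
# example a value on the domain key itself (covers all hosts) or scheme '*'.
Get-ZoneMappings -Root $domainKey | ForEach-Object {
    $ok = ($_.Key -eq $subdomain -and $_.Scheme -eq $scheme -and $_.Zone -eq $intranet)
    $status = if ($ok) { 'expected' } else { 'review' }
    $_ | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
} | Format-Table -AutoSize
```

If zone assignments are managed centrally through Group Policy in your environment, make the change there instead, since per-user entries may not take effect.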

Firefox

  1. Open Firefox.
  2. Enter "about:config" (without the quotes) in the address bar and press return. Accept the warning to continue.
  3. Search for the setting "network.automatic-ntlm-auth.trusted-uris".
  4. Edit its value by double-clicking on the line.
  5. Enter "https://accounts.matrix42.com" (without the quotes). If there is already a value set, append the new URL separated by a comma.
  6. Click "OK" and close the tab.

Second Step

Finish the configuration by enabling NTLM for Active Directory sign-in.

  1. Open https://myworkspace.matrix42.com/app/admin/loginpage and sign in with a company administrator account.
  2. If you have an enabled Active Directory connector installed, you will see a checkbox for enabling NTLM in the "Identity Provider" section.
  3. Tick the checkbox and save.
  4. When you now log in using your company-specific login URL and click on the "Active Directory" button, you will be logged in automatically with your currently logged-in Windows account.

More Information

Login with NTLM fails on the same computer where the connector is installed

When you try to log in using NTLM from the same computer where the connector is installed, you will most likely receive an error. This is a security feature by Microsoft (read more in KB896861).

You won't have this problem from any other computer. If you want to use NTLM login from the same computer where the connector is installed, you can disable the loopback check for our login page. You can do this either manually, by following the instructions in the linked KB article by Microsoft, or by using the attached registry file.