|Product Set: Archer|
Product/Service Type: Archer Control Panel (ACP), Single Sign-On
|Issue||When SSO is configured and trying to login using the browser, the browser prompts you to enter the Domain Credentials on which after entered correctly still getting 401 Unauthorized response.|
|Cause||One of the main causes can be that the Domain Accounts group/s do not have an appropriate access level on the Archer folder in IIS.|
|Resolution||There are several steps to ensure that everything is correctly set:|
- Verify that the web.config used is valid and is reflecting the current setup.
- Verify that the folders in IIS are set to Windows Authentication excluding API, ContentAPI, PlatformAPI, WS, and CompanyFiles.
- Verify that Windows Authentication is chosen from the Archer Control Panel.
Apart from this, we need to guarantee that Domain Users have the appropriate access to the RSA Archer folder.
- Go to the Application location, usually, it is found through c:/inetpub/wwwroot/
- Right Click on RSAarcher folder and click properties.
- Go to the Security tab and ensure that the domain users group (or the correct group from AD) having read and run permissions on this folder.