000016599 - Windows Integrated SSO Returns 'Unable to Authenticate User' Message

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000016599
Applies To: 5.1, 5.2

Issue

Windows Integrated SSO returns an "Unable to Authenticate User" message.
When Archer is configured with SSO and Windows Authentication, the LDAP synch has to be configured correctly so that the user accounts it creates match the username that Windows passes at login. If the two do not match perfectly, the user is presented with an "Unable to Authenticate User" message.

Resolution

Under the Configuration tab of the synch there is a field called User's Domain. This value is combined with the username brought in through LDAP from the SAMAccountName value, in the following format:

[User's Domain]\[SAMAccountName]

This should exactly match the credentials the user enters when logging in to their Windows machine. In most cases where they do not match, we have found a web extension added to the end of the domain, so the account is created as archer.com\username instead of archer\username.
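
The check described above, as an added example that is not RSA's code: it composes the name in the article's format and classifies why it differs from the logon name Windows passes. The function names and the sample accounts are constructed for illustration, and the comparison is exact because the article requires an exact match.

```python
# Added example: helper names and sample values are constructed for illustration.

def archer_username(users_domain, sam_account_name):
    # Format from the article: [User's Domain]\[SAMAccountName]
    return users_domain + "\\" + sam_account_name

def diagnose(users_domain, sam_account_name, windows_logon):
    # Returns (status, detail) for one account. The comparison is exact,
    # because the article requires the two names to match exactly.
    composed = archer_username(users_domain, sam_account_name)
    if composed == windows_logon:
        return ("match", composed)
    if "\\" not in windows_logon:
        return ("logon-not-domain-user", windows_logon)
    win_domain, win_user = windows_logon.split("\\", 1)
    if (users_domain != users_domain.strip()
            or sam_account_name != sam_account_name.strip()):
        return ("stray-whitespace", repr(composed))
    if (win_user == sam_account_name
            and users_domain.lower().startswith(win_domain.lower() + ".")):
        # The case the article calls out: archer.com\username vs archer\username
        extension = users_domain[len(win_domain):]
        return ("domain-extension",
                f"remove {extension!r} from User's Domain, leaving {win_domain!r}")
    if composed.lower() == windows_logon.lower():
        return ("case-differs", f"{composed} vs {windows_logon}")
    if win_user != sam_account_name:
        return ("username-differs", f"{sam_account_name} vs {win_user}")
    return ("domain-differs", f"{users_domain} vs {win_domain}")

def audit(users_domain, accounts):
    # accounts: iterable of (sAMAccountName, logon name Windows passes)
    return {sam: diagnose(users_domain, sam, logon) for sam, logon in accounts}

if __name__ == "__main__":
    # Constructed sample accounts, checked against two User's Domain values.
    sample = [("jsmith", "archer\\jsmith"), ("adoe", "archer\\a.doe")]
    for domain in ("archer.com", "archer"):
        print("User's Domain =", domain)
        for sam, (status, detail) in audit(domain, sample).items():
            print(f"  {sam:8} {status:18} {detail}")
```
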

Legacy Article ID: a58394