Configuring Single Sign On (SSO)

You can use Single Sign On to log in to the web interface of PA Server Monitor. This works by your browser communicating with Active Directory and providing a token that authenticates you to PA Server Monitor. At this time the Console does not support Single Sign On.

There are some prerequisites for Single Sign On to function properly:

• User accounts have to be designated via Active Directory (see Remote Access).
• The user must be logged in as an account specified in the step above. This implies the browser must be running on a network that can find and reach the Active Directory server.
• The browser needs to support Single Sign On (FireFox, Chrome and Edge support it).
• The URL to access the web interface must use the fully qualified server name (SSO depends on Kerberos which uses fully qualified domain names).

With the above in place, set this registry value on the Central Server:

HKEY_LOCAL_MACHINE\software\PAServerMonitor
Auth_OfferSingleSignOn = 1

The service does not need to be restarted after making this change. Once the change is made you will see a Single Sign On link on the web interface's login page.

Note that Two Factor Authentication (2FA) will not be used (even if an account is set up with it) when signing in via SSO.