MicroStrategy ONE
Developer Configuration for Integrated Authentication
To enable integrated authentication in a Windows MicroStrategy environment you will need to configure your MicroStrategy users and the Project sources.
Configure the Project Source
- In Developer right click on your Project Source.
- Click Modify Project Source.
- On the Connection tab, under Server Name, type the server name exactly as it appears is the Service Principal Name created in Active Directory Account Configuration with the format
MSTRSVRSvc/<hostname>:<port>@<realm>
. - In the Advanced tab Use Integrated Authentication.
Mapping Users to Active Directory
- In Project Source open Administration > User Manager.
- Right click on a user and select Edit > Authentication > Metadata.
- Enter the Active Directory user log in under Trusted Authentication Request User ID.
- Click OK.
Linking Integrated Authentication Users to LDAP Users
When users log in to MicroStrategy using their integrated authentication credentials, their LDAP group memberships can be imported and synchronized.
By default, users' integrated authentication information is stored in the userPrincipalName
LDAP attribute. If your system stores integrated authentication information in a different LDAP attribute, you can specify the attribute when you configure the import.
To Import LDAP User and Group Information for Integrated Authentication Users
- In Developer, log in to a project source. You must log in as a user with administrative privileges.
- From the Administration menu, select Server, and then select Configure MicroStrategy Intelligence Server.
- Expand the LDAP category, then expand Import, and then select Options.
- Select the Synchronize user/group information with LDAP during Windows authentication and import Windows link during Batch Import check box.
- Select the Batch import Integrated Authentication/Trusted Authentication unique ID check box.
- By default, users' integrated authentication IDs are stored in the
userPrincipalName
LDAP attribute. If your system stores integrated authentication information in a different LDAP attribute, click Other, and type the LDAP attribute that contains users' IDs. - Click OK.