Need the login prompt to default to Windows authentication.
Does Orchestrate use LDAP or how does the application handle Windows authentication?
Orchestrate does not use LDAP for Windows authentication. Three authentication settings are available to choose from:
Application Only - This means that only Orchestrate application user IDs can be used to log in. Windows AD User IDs will be rejected. This is the classic way Orchestrate authenticates users. When upgrading Orchestrate from previous versions, this will be the default authentication setting.
Windows Only - This setting only allows users to log in with their Windows AD User ID used in their current Windows session. Orchestrate application user IDs will be rejected.
Application and Windows - When using this setting, users will be able to choose which way they want to log into Orchestrate.
Note: Orchestrate only accepts Windows AD User IDs registered on the same AD domain as the SQL Server instance. Local Windows User IDs and Windows AD User IDs from a different domain to the SQL Server instance will be rejected.
To change the authentication setting, log into Orchestrate System Manager and complete the following steps:
Select File
Authentication Setting
Choose Windows Only
Click OK
Before Windows authentication can be used, Windows AD User IDs must be assigned against existing Orchestrate application user accounts. Use the Orchestrate System Manager to achieve this:
Log into the Orchestrate System Manager
Select File, User Management, User Management
Click Modify
Create a new application user account with the Add button if necessary
Enter a Windows AD User ID into the Associated Windows User ID column for an application user account. The format should be: Domain\Windows_User_ID
Click Save
The value in the Associated Windows User ID column should be either blank or unique. This means that a Windows AD User ID can only be assigned against one application user account. All permissions or roles should be granted to application user accounts.
If you are using Orchestrate version 7.68 or above:
Log into Orchestrate
Select Tools, Orchestrate users, User Management
Click Modify
Create a new application user account with the Add button if necessary
Enter a Windows AD User ID into the Associated Windows User ID column for an application user account. The format should be: Domain\Windows_User_ID
Click Save
The value in the Associated Windows User ID column should be either blank or unique. This means that a Windows AD User ID can only be assigned against one application user account. All permissions or roles should be granted to application user accounts.
NOTE: Orchestrate administrators should make sure that at least one application user account with admin privilege has a Windows AD User ID associated with it when using the Windows Only authentication setting. Otherwise, no one can log into the System Manager any more.
System Manager: Previously, the "Admin" account was the only account that could be used to log into the System Manager. Along with this change, from 7.53 users can log in with any user account that has admin privilege. This could minimise the usage of the "Admin" account.
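The mapping rules above (Domain\Windows_User_ID format, same domain as the SQL Server instance, blank or unique values, and at least one mapped admin account before switching to Windows Only) can be checked before the setting is changed. The following is an added example, not part of Orchestrate or of the original article. It assumes the user list has been written out as CSV, and the column names, the sample rows and the case-insensitive comparison are all assumptions.

```python
import csv
import io
import re

# Constructed sample data; the column names are assumptions, not an Orchestrate format.
SAMPLE_EXPORT = """user_id,is_admin,associated_windows_user_id
Admin,yes,
jsmith,yes,CORP\\jsmith
mbrown,no,corp\\JSmith
tlee,no,tlee
kpatel,no,OTHER\\kpatel
"""

ID_FORMAT = re.compile(r"^([^\\/@\s]+)\\([^\\/@\s]+)$")  # Domain\Windows_User_ID


def check_mappings(export_text, sql_server_domain):
    """Return a list of findings; an empty list means the mappings satisfy the rules."""
    findings, seen, admin_mapped = [], {}, False
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user_id"]
        win_id = row["associated_windows_user_id"].strip()
        if not win_id:
            continue  # a blank value is allowed
        match = ID_FORMAT.match(win_id)
        if not match:
            findings.append(f"{user}: '{win_id}' is not in Domain\\Windows_User_ID format")
            continue
        if match.group(1).lower() != sql_server_domain.lower():
            findings.append(f"{user}: domain differs from the SQL Server instance domain")
            continue
        key = win_id.lower()  # assumption: compare case-insensitively, as AD does
        if key in seen:
            findings.append(f"{user}: '{win_id}' is already assigned to {seen[key]}")
            continue
        seen[key] = user
        if row["is_admin"].strip().lower() == "yes":
            admin_mapped = True
    if not admin_mapped:
        findings.append("no admin account has a valid Windows AD User ID: "
                        "Windows Only would lock out System Manager")
    return findings


if __name__ == "__main__":
    for finding in check_mappings(SAMPLE_EXPORT, "CORP"):
        print(finding)
```

An empty result means every non-blank mapping is well formed, unique and on the expected domain, and that at least one admin account can still log in under Windows Only.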
Orchestrate: Default to Windows Authentication
Written by Charnjit Singh Dharival
