|
To edit a workgroup, click on the Edit icon on the Button Bar. Then, select a workgroup to edit from the pulldown menu and click the Edit button under the pulldown menu. You can also click on the Edit icon to the left of a workgroup name from the Home Page.
The following workgroup settings can be modified:
NetResults Tracker is authentication performed by the Tracker application itself using a Login web page which requests the user's Tracker User ID and Password. The Microsoft IIS web server will be configured to allow "Anonymous" access (no authentication is performed by IIS itself). All other forms of authentication use the Microsoft IIS web server and Windows operating system to authenticate the user before they are given access to any Tracker web pages. The Tracker Login Page is not displayed. However, a user's web browser may display a pop-up to request the user's credentials (Windows user name, password, and, in some cases, domain) if it needs this information (or is configured to always request this information) in order to complete authentication with the IIS web server.
Selecting "IIS Basic", "IIS Integrated Windows" or "IIS Basic and Integrated Windows" authentication enables single sign-on capability provided by the Microsoft IIS web server. If one of those authentication mechanisms is selected, the IIS web server and Windows operating system will authenticate the user and then verify that the user should be given access to the Tracker web pages (using the Windows file system permission settings on the web pages). If the Windows authentication and access control checks pass, then IIS will pass the request on to Tracker. Tracker will then search its own user account list for a matching entry (Windows User name matches Tracker User ID) to verify that the user should be given access to the workgroup before displaying the user's Home Page.
A summary of the reasons why you might select one form of authentication over another is provided below.
Generally speaking, NetResults Tracker authentication is the simplest for you to set up and has the lowest Windows Server licensing costs. However, it does require that your users maintain a separate user account for Tracker and for Windows (if they are using Windows). If they routinely change their password, they will have to change their Windows password and their Tracker password. NetResults Tracker authentication works with all supported browsers running on any operating system.
If you use one of the three forms of IIS authentication, your users will not need to maintain a separate password (authentication will be done by IIS using their Windows user account) and you can use Windows to enforce password policies. However, it is generally harder to configure and maintain (especially if you are using IIS Integrated Windows or IIS Basic and Integrated Windows). It may cost more for your Windows Server licensing to use Windows authenticated users (contact your Microsoft reseller and ask about Windows authenticated users accessing the IIS web server).
IIS Basic Authentication works with all supported web browsers on any operating system. However, it sends Windows passwords in "clear text", so it should only be used in conjunction with SSL.
IIS Integrated Windows does encrypt passwords (even without SSL), but can not be used with any browser other than Internet Explorer. Also, IIS Integrated Windows (or "IIS Basic and Integrated Windows") can not be used in an environment where there is a (hardware or software) firewall or proxy server between your end users (their web browsers) and the web server. Though it may appear to work in some cases, it will (sometimes intermittently) have situations where the browser requests the users credentials over and over. Keep in mind that software which acts as a firewall or proxy server may not label itself as such. It may be labeled as "intrusion prevention" software or "web acceleration" software. Some "pop-up blocker" software packages also use a proxy server. If you were using IIS Integrated Windows authentication and one or more of your users suddenly starts complaining that they are being repeatedly asked to enter their user name and password or are getting an "access denied" error, odds are that they are now using a firewall or proxy server (perhaps installed on their browser machine or in their network).
If you wish to use one of the IIS authentication mechanisms, we recommend using IIS Basic combined with SSL. This will allow your users to use any supported browser (including Firefox) and will work through firewalls and proxy servers. For further details on the differences between these choices, please consult the Microsoft Authentication documentation:
Windows Server 2012, IIS 8.0 and Windows Server 2012 R2, IIS 8.5
Windows Server 2008, IIS 7.0 and Windows Server 2008 R2, IIS 7.5
Windows Server 2003, IIS 6.0 In particular, we recommend the summary table in
this section.
After modifying the fields you wish to update, click on the Continue button.
Authentication Details
If you selected an option other than "NetResults Tracker" for the
Authentication field, you will be prompted to provide additional information
for the authentication configuration:
After creating the workgroup, you must still add a Tracker user account with the User ID that matches the Windows user account for each user who will use the workgroup. Please note that changes made to the user profile information in the user accounts in Tracker will not be reflected in Active Directory (and vice versa).
NetResults Tracker © 1997-2014 NetResults Corporation. All rights reserved.