NTLM v2 Single Signon Authentication

The Архива console supports single-sign-on authentication with Windows using NTLM authentication. With NTLM SSO authentication enabled, there is no need for a user to manually log in to Архива. Users will be logged to the Архива console automatically using their Windows credentials.

Before enabling NTLM authentication, ensure that standard AD authentication (without NTLM authentication) is working correctly.

There are few necessary measures to ensure the correct functioning of the NTLM authentication feature:

1. Enable NTLM SSO authentication in Configuration->Logins.
2. There must be a matching role assignment in Архива for each Windows domain user where access to Архива is intended
3. From the connecting user’s client computer, the Архива server must be addressable by fully qualified domain name (FQDN) (e.g. mailarchiva.smallbusiness.local)
4. The address containing the FQDN of the Архива server must be added as a trusted site in Internet Explorer’s Local Intranet security zone
   

   To do this, click Tools->Internet Options->Security->Local Intranet->Sites->Advanced. Type in the address of the Архива server (e.g.http://mailarchiva.smallbusiness.local).

   Icon

   Do not use the IP address of the server – it will not work!

   For test purposes, the Архива server’s FQDN can be added to hosts file of the client computer. On condition that all four of the above conditions are met, when entering the Архива console URL, users will be logged in automatically.
   
   

   Icon

   When NTLM authentication is enabled, to explicitly login as the master user or another user, it is necessary to specify the URL equivalent ofhttp://mailarchiva.smallbusiness.local/signonform.do

   
   The easiest way is to implement NTLM authentication on every workstation in the company is by adding the fully qualified domain name of the Архива server to the following registry key in Microsoft’s Group Policy Editor: 

    

   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    

   
   

5. Server Restart Required: After enabling NTLM in Configuration->Logins, a restart of the Архива Server Service is required! Please restart the Архива server service.
6. To access the search interface and experience SSO, open the browser and enter the equivalent of http://mailarchiva.smallbusiness.local/outlook.do in the browser. (note the outlook.do is required (will also be applied to \ in future versions)
   
   

If after completing the above steps, NTLM SSO authentication fails to work, please refer to NTLM Troubleshooting Steps.