
Single Sign-On

This section explains how to configure Single Sign-On (SSO), which allows users who are already authenticated with their Windows domain to log in to Log360 automatically.

To enable single sign-on for multiple components and domains, follow the steps listed below:

  • Navigate to Admin → Administration → Logon Settings.
  • Mark the check-box Enable Single-Sign On with Active Directory.
  • Note: To enable NTLMv2 SSO for ManageEngine Log360 and the integrated components in builds 5282 and above, you will have to download the Jespa JAR file and add it to the product's lib folder. For more information, click here. If you have already enabled NTLMv2 SSO, you can continue using the feature and no further actions are needed.
  • Select the components for which you wish to enable single sign-on from the Select Components drop-down box.
    Note: A component is displayed only if it supports single sign-on.
  • Select the domains for which you wish to enable single sign-on from the Select Domains drop-down box.
  • Click Save Settings.
  • Note:

    If Log360 is installed as a service, configure the service account with administrator privileges by following the steps listed below.

    • Click Start → Run → services.msc.
    • Locate the service name Manageengine Log360.
    • Right click the service and select Properties → Log On.
    • Select This account and provide the credentials.

To modify existing single sign-on settings

  • Navigate to Admin → Administration → Logon Settings.
  • Click the edit icon in the Status column against the domain whose settings you wish to modify.
  • Enter the Computer Name and Password in the respective fields. Select the Create this computer account in the domain check-box to create a computer account with the entered credentials if it is not already present in the domain.
  • Click Advanced. If the DNS Servers and DNS Site are not filled automatically after entering the computer name and password, enter them manually.
  • Click Save.

To identify the DNS Server IP address:

  • Open Command Prompt from a machine belonging to the domain that you have selected
  • Type ipconfig /all and press enter
  • Use the first IP address displayed under DNS Server

To identify the DNS Site:

  • Open Active Directory Sites and Services in Active Directory
  • Expand Sites and identify the Site in which the Domain Controller configured under the selected domain appears
  • Use the Site name for DNS Site

See the images below for reference.

[Image: DNS Server IP address]

[Image: DNS Site]

Troubleshooting steps for SSO

Please ensure that you have performed the following actions before troubleshooting.

  • Ensure that you have added the Log360 site to the trusted sites list.
  • Ensure that the user account you are logged in to the machine with has been added as a technician in Log360.
  • Ensure that you are not accessing the Log360 web client from a workgroup machine.
  • Ensure that you are accessing the Log360 web client from a machine that belongs to the domain in which you configured SSO.
  • Ensure that you are not accessing the Log360 web client in a Private or Incognito window.

I. Change browser settings to allow Single Sign-On

Trusted sites are the sites with which NTLM authentication can occur seamlessly. If SSO has failed, the most probable cause is that the Log360 URL is not in your browser's trusted sites list. Add the Log360 URL to the trusted sites list by following the steps given below for your browser:

  1. Microsoft Edge
  2. Chrome
  3. Firefox

Note:
  1. It is recommended that you close all browser sessions after adding the URL to the trusted sites list for the changes to take effect.
  2. Google Chrome and Microsoft Edge use the same internet settings. Changing the settings in either Microsoft Edge or Chrome will enable NTLM SSO in both browsers. Again, it is recommended that you close the sessions of both browsers for the changes to take effect.

Microsoft Edge

  1. Open Control Panel → click the Internet Options button.

  2. In the Internet options dialog box that opens, click the Security tab, and then click a security zone (Local intranet, Trusted sites, or Restricted sites).

  3. Click Sites.

  4. Click Advanced and add the Log360 site to the list of intranet sites.

  5. Click Close, and then click OK.

  6. Close all browser sessions and reopen your browser.

Chrome

  1. Open Chrome and click the Customize and control Google Chrome icon (3 horizontal lines icon on the far right of the Address bar).

  2. Click Settings, scroll to the bottom and click the Show advanced settings link.

  3. Under the Network section click Change proxy settings.

  4. In the Internet Properties dialog box that opens, navigate to the Security tab → Local Intranet, and then click Sites.

  5. Click Advanced and add the URL of Log360 to the list of intranet sites.

  6. Click Close, and then OK.

  7. Close all browser sessions and reopen your browser.

Firefox

  1. Open Firefox web browser and type about:config in the address bar.

  2. Click I'll be careful, I promise in the warning window.

  3. In the Search field, type: network.automatic-ntlm-auth.trusted-uris.

  4. Double-click the "network.automatic-ntlm-auth.trusted-uris" preference and type the URL of Log360 in the prompt box. If there are sites already listed, type a comma and then the URL of Log360. Click OK to save the changes.

  5. Close all browser sessions and reopen your browser.
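
The prerequisites and browser settings above, together with the DNS Server and DNS Site values described earlier, can be collected on the client machine with a script like the following. This is an added example, not ManageEngine code; it assumes Windows PowerShell 5.1 run as the user who opens Log360, and the URL in `$Log360Url` is a placeholder.

```powershell
# Added example (not ManageEngine code). Run in Windows PowerShell 5.1 on the
# client machine, as the user who will open the Log360 web client.
# $Log360Url is a placeholder: replace it with your own Log360 URL.
param([string]$Log360Url = 'http://log360.example.internal:8095')

Add-Type -AssemblyName System.DirectoryServices

# Domain membership: SSO is not expected to work from a workgroup machine.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# AD site of this computer (the "DNS Site" value); the call fails when the
# machine is not joined to a domain, so a failure is reported as $null.
$site = try {
    [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
} catch { $null }

# First IPv4 DNS server configured on an interface (same data as ipconfig /all).
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -First 1 -ExpandProperty ServerAddresses |
    Select-Object -First 1

# Security zone that the Windows internet settings (shared by Edge and Chrome)
# assign to the URL, including any site-to-zone assignment made by Group Policy.
$zone = [System.Security.Policy.Zone]::CreateFromUrl($Log360Url).SecurityZone

# Firefox keeps its own list: look for the preference in each profile's
# prefs.js and check whether that line mentions the Log360 host name.
$prefName = 'network.automatic-ntlm-auth.trusted-uris'
$hostName = ([uri]$Log360Url).Host
$ffLines  = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
    Select-String -SimpleMatch $prefName
$ffListed = [bool]($ffLines | Where-Object { $_.Line -like "*$hostName*" })

[pscustomobject]@{
    LoggedOnUser     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    DomainJoined     = $cs.PartOfDomain
    Domain           = $cs.Domain
    AdSite           = $site
    FirstDnsServer   = $dns
    WindowsZone      = "$zone"
    InIntranetZone   = "$zone" -eq 'Intranet'
    FirefoxListsHost = $ffListed
}
```

`LoggedOnUser` is the account that must exist as a technician in Log360. Because the browser answers NTLM challenges automatically for every site in these lists, keep each entry to the exact Log360 URL rather than a wildcard or a whole domain.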

II. Check the computer account configuration

Status: Error in Creating Computer Account


This error can be due to any of the reasons listed below:

  1. Invalid domain credentials in Log360

     This could happen when the credentials of the user account specified in the domain settings section of Log360 have expired. To update the credentials and synchronize them with Log360, follow these steps:

    • Log into the Log360 web-console with admin credentials.

    • Navigate to the required component using the Apps Pane or the Jump to link.

    • Click on domain settings and update the domain credentials (i.e., username and password).

    • Synchronize the updated domain credentials with Log360 by navigating to Log360 → Admin tab and clicking on the Sync now button.

  2. Domain controllers are not accessible from Log360

     When Log360 cannot reach the specified domain controllers (DCs), the above error might occur. In that case, you must add another DC that it can access. To do this:

    • Log into Log360 web-console with admin credentials.

    • Navigate to the required component through the Apps Pane or the Jump to link.

    • Click domain settings and specify the name of the relevant DC, and also the credentials of the account that Log360 should use.

    • Synchronize the updated domain controller with Log360 by navigating to Log360 → Admin tab and clicking on the Sync now button.

  3. Non-conformance to password policy

     When the password of the automatically created computer accounts for NTLM authentication does not meet the domain password policy settings, this error occurs. To resolve this issue, you need to create a computer account manually, with a password in accordance with the domain policy settings. To accomplish this, follow the steps given below:

    • Click the error message: 'Error in creating a new computer account', in the status column against the domain in which you wish to create a computer account.

    • Create a computer account manually by entering Computer Name and Password.

Copyright © 2020, ZOHO Corp. All Rights Reserved.
