02-27-2017 04:20 AM
As we know EG client can use Windows User login to the SAS Server on Windows Server OS. Now, the customer hope that the login operation accomplished on their own system. So SSO is needed.
Is there a way can do that on EG?
02-27-2017 08:34 AM
You're talking about "Integrated Windows Authentication" -- yes, it's possible. This requires some admin work on the SAS environment to configure the permissions and (perhaps) an authentication provider. See the SAS Enterprise Guide instructions here, and follow the links within to the admin guide for more details.
03-03-2017 12:35 AM
I have tried using IWA to login on the SAS Server. But If the SAS Server is deployed on machine A, and the EG Client is installed on the Machine B. The EG Client can't login on the SAS Server with IWA. Because the system account of Machine B is not related to Machine A. So, If EG Client and SAS Server are installed on different Machine, is there a way to do it? (SSO)
03-03-2017 12:52 AM
Check out this blog posts on SAS and IWA that might help - https://platformadmin.com/blogs/paul/2012/01/sas-and-iwa-two-hops/
03-03-2017 01:20 AM
As long as Machine A and Machine B are either in the same Windows domain or are in domains that have a trust relationship, then you should be able to configure IWA. For more info on potential limitations have a look at the Integrated Windows Authentication section of the SAS 9.4 Intelligence Platform: Security Administration Guide.
If the Windows side of things has been configured ok then some of the other common things that can prevent IWA logins working as expected include:
When implementing IWA, it is well worth considering getting help from SAS Professional Services or a local SAS Partner. When IWA is operational it works very well, but making sure all the various platform components are configured correctly for IWA can tricky, time consuming and involve lots of troubleshooting. Getting help from someone that already has this experience can save you a lot of time.
02-27-2017 03:14 PM
One complication you need to watch out for is if you have any EG data sources pointing to databases also using IWA. If you do then additional server security configuration will be required to enable delegation of EG IWA to the data sources.