BookmarkSubscribeRSS Feed
Acf2
Obsidian | Level 7

Our organisation wants to replace Active Directory domain userid and password with Windows Hello. Can the SAS94 authentication provider on Windows Server 2019 be configured for Single Signon using the with this mechanism?  

Some concepts here : Implementing strong user authentication with Windows Hello for Business (microsoft.com)

4 REPLIES 4
SASKiwi
PROC Star

This looks to me like a form of two-factor authentication. If this is just another step to getting you logged onto your computer via an AD account then SAS should be fine. If you no longer have an AD account, then this is absolutely problematic. You need to have an Active Directory account to connect to remote SAS servers for example. 

Acf2
Obsidian | Level 7

Thanks.
I have been asked for an initial assessment and don't have many details yet. Since a lot of workload is moving from on-prem servers to Azure, I am assuming Azure Active Directory will replace our local domain controllers. SAS94 will stay local for at least the next 2 years.

 

JuanS_OCS
Azurite | Level 17

Hello @Acf2,

 

Windows Hello is just a MFA/Single Sign-On system in the Windows ecosystem, for your client machines.

In SAS 9.4, the main and supported SSO method (specially on windows) is Kerberos/IWA/NTLM. 

 

Since Kerberos is a requirement in Windows Hello, for as long as you configure Kerberos/IWA in SAS, SAS will have no trouble with the Authentication Method in your clients machines. The servers on Windows and SAS are able to pickup the Kerberos TGT ticket.

 

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/on-...

Acf2
Obsidian | Level 7
Thanks for the response. It looked like it was possible and I hope my organisation is prepared to support Kerberos/IWA/NTLM. For once, there is some budget....

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 1416 views
  • 4 likes
  • 3 in conversation