cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
Acf2
Obsidian | Level 7 Acf2
Obsidian | Level 7

Windows Hello certificate-based authentication for SAS94

Posted 07-25-2024 12:55 PM (568 views)

Our organisation wants to replace Active Directory domain userid and password with Windows Hello. Can the SAS94 authentication provider on Windows Server 2019 be configured for Single Signon using the with this mechanism?  

Some concepts here : Implementing strong user authentication with Windows Hello for Business (microsoft.com)

Reply
4 REPLIES 4
SASKiwi
PROC Star SASKiwi
PROC Star

Re: Windows Hello certificate-based authentication for SAS94

Posted 07-25-2024 07:38 PM (511 views)  |   In reply to Acf2

This looks to me like a form of two-factor authentication. If this is just another step to getting you logged onto your computer via an AD account then SAS should be fine. If you no longer have an AD account, then this is absolutely problematic. You need to have an Active Directory account to connect to remote SAS servers for example. 

Reply
Acf2
Obsidian | Level 7 Acf2
Obsidian | Level 7

Re: Windows Hello certificate-based authentication for SAS94

Posted 07-26-2024 09:02 AM (447 views)  |   In reply to SASKiwi

Thanks.
I have been asked for an initial assessment and don't have many details yet. Since a lot of workload is moving from on-prem servers to Azure, I am assuming Azure Active Directory will replace our local domain controllers. SAS94 will stay local for at least the next 2 years.

 

0 Likes
Reply
JuanS_OCS
Amethyst | Level 16 JuanS_OCS
Amethyst | Level 16

Re: Windows Hello certificate-based authentication for SAS94

Posted 07-26-2024 07:06 AM (480 views)  |   In reply to Acf2

Hello @Acf2,

 

Windows Hello is just a MFA/Single Sign-On system in the Windows ecosystem, for your client machines.

In SAS 9.4, the main and supported SSO method (specially on windows) is Kerberos/IWA/NTLM. 

 

Since Kerberos is a requirement in Windows Hello, for as long as you configure Kerberos/IWA in SAS, SAS will have no trouble with the Authentication Method in your clients machines. The servers on Windows and SAS are able to pickup the Kerberos TGT ticket.

 

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/on-...

Reply
Acf2
Obsidian | Level 7 Acf2
Obsidian | Level 7

Re: Windows Hello certificate-based authentication for SAS94

Posted 07-26-2024 08:51 AM (459 views)  |   In reply to JuanS_OCS
Thanks for the response. It looked like it was possible and I hope my organisation is prepared to support Kerberos/IWA/NTLM. For once, there is some budget....
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎07-25-2024 12:55 PM
  • 569 views
  • 4 likes
  • 3 in conversation