When using Windows authentication in Bizagi, the Work Portal delegates the authentication to the Windows machine on the client's side (by relying on the Windows session which should be already validated against a domain).
For Bizagi Cloud, end users will be presented with a Bizagi login page.
A successful login happens if the inputted credentials are valid and if the user has been already created in Bizagi Work portal (passwords are not stored in Bizagi).
When using Windows authentication, ensure:
1. That the Bizagi Work portal's configuration in the IIS, is enabling both the Anonymous authentication and Windows authentication.
2. That browsers accessing Bizagi Work portal support Windows authentication as implemented by Microsoft.
For Bizagi Cloud projects, such authentication will not offer a SSO experience given that users will be in a different domain.
Follow these steps to set Windows authentication in your project.
1. Open your Bizagi Studio project.
Open Bizagi Studio and load your project (development environment).
2. Go to the security settings.
Click on the Expert view, and select the Security module.
3. Choose Windows authentication.
Click on Authentication in the middle panel, and ensure that the drop-down list at the rightmost panel shows Windows Authentication:
Click Update if you had a different choice before.
At this point you have configured authentication for your project, and there is no need to configure additional parameters.
For any type of authentication, you will need to ensure that users are created at Bizagi Work portal.
Disregarding the selected Authentication type for your Work Portal login, you may choose to configure a schedule in Bizagi to import and synchronize users from your LDAP Server into Bizagi.
For more information about this step, refer to LDAP synchronization.