
Single Sign On with Microsoft Active Directory

The Single Sign On (SSO) capability in the document management software allows the authentication of users through existing login credentials provided through Microsoft Active Directory integration.

In some instances, SSO may not work after the Active Directory Synchronization Module has been installed on the FileHold server. The FileHold Desktop Application (FDA) or Web Client reports an incorrect login and/or password error when users attempt to log in using SSO. The cause of this problem is a mismatch between the domain name in NetBIOS format and the Fully Qualified Domain Name (FQDN).

Use the following procedure to modify the NetBIOS domain name to remedy this issue. This article is intended for skilled Windows Server administrators. Applying this fix is covered by your AD Synchronization implementation and your FileCare Agreement. FileHold professional services are available for customers without a FileCare Policy.

TIP: The client and the FileHold server must both be in the same domain for SSO to work correctly.

To resolve the SSO issue

  1. Log in to your Active Directory Services Interface as a user with administrative privileges.
  2. Go to Start > Programs > Administrative Tools > Active Directory Users and Computers.
  3. Right-click the domain and choose Properties. In the General tab, take note of the domain NetBIOS name.

Active Directory SSO NetBIOS domain name

  4. In Microsoft SQL Server Management Studio, select the ch_userrolemanager database and select the dbo.domains table.
  5. Modify the domain name column to match the NetBIOS domain name noted in step 3.

Microsoft SQL Management Studio Domains table

  6. Shift and right-click on the Command Prompt, select Run as a Different User, and run it using the FileHold Service Account credentials.

Command prompt run as a different user

  7. Run the AD sync scheduled task in the command prompt to verify that there are no errors. Go to C:\Program files\FileHold Systems\Application Server\fileholdadm.
  8. Type the command:

fileholdadm/synchronize

  9. Close and re-open a supported browser and go to the FileHold login page.
  10. Click Logon with Windows Authentication. You should be logged into FileHold automatically.
  11. In the FileHold Desktop Application, go to File > Connection Options. Select the option to Use my Windows account username and password to logon.

Checking for Windows Authentication in the Web Client

  1. Browse directly to http://<HOSTNAME>/fh/FileHold/UserRoleManager/windowslogin.aspx. This assumes Windows authentication is set correctly for the windowslogin.aspx page in IIS.
  2. If you are not prompted for a username and password, then Windows authentication is working.
  3. If you are prompted again after entering the correct username and password, and/or the page does not load and returns a 401 error, then Windows authentication is not working. Read the following Microsoft articles for more information:

  4. If users do not want to be prompted to enter their username and password, then add the site host name (e.g. http://filehost) to Internet Explorer's Local Intranet Zone. More information:
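
The check in steps 1 to 3 of this section can also be scripted. The PowerShell below is an added example, not part of the original article or FileHold's tooling: it requests windowslogin.aspx once anonymously and once with the current Windows identity, then classifies the two results. It assumes a correctly configured page answers an anonymous request with a 401 that offers Negotiate or NTLM; the function names are hypothetical and <HOSTNAME> must be replaced with the FileHold server name.

```powershell
# Added example, not FileHold code. <HOSTNAME> is the article's placeholder.
$Url = 'http://<HOSTNAME>/fh/FileHold/UserRoleManager/windowslogin.aspx'

function Get-AuthProbe {
    param([string]$Url, [bool]$SendWindowsIdentity)
    $req = [System.Net.WebRequest]::Create($Url)
    $req.UseDefaultCredentials = $SendWindowsIdentity   # $true = current logon session
    $req.AllowAutoRedirect = $false
    try { $resp = $req.GetResponse() }
    catch {
        # HTTP errors such as 401 arrive as a wrapped WebException; unwrap it.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }    # DNS/connect failure: rethrow
        $resp = $ex.Response
    }
    try {
        [pscustomobject]@{
            Status    = [int]$resp.StatusCode
            Challenge = [string]$resp.Headers['WWW-Authenticate']
        }
    } finally { $resp.Close() }
}

function Get-SsoVerdict {
    param($Anonymous, $Integrated)
    # Assumption: a correctly configured page refuses anonymous access with a
    # 401 that offers Negotiate and/or NTLM.
    if ($Anonymous.Status -ne 401 -or $Anonymous.Challenge -notmatch 'Negotiate|NTLM') {
        return "No Windows authentication challenge (anonymous request got HTTP $($Anonymous.Status)); check the IIS authentication settings for windowslogin.aspx"
    }
    if ($Integrated.Status -eq 401) {
        return 'Challenge offered, but the Windows identity was rejected with 401: Windows authentication is not working'
    }
    if ($Integrated.Status -ge 400) { return "Unexpected HTTP $($Integrated.Status)" }
    return 'Windows authentication is working'
}

if ($Url -like '*<HOSTNAME>*') {
    # Placeholder still present: classify constructed sample results instead.
    $anon = [pscustomobject]@{ Status = 401; Challenge = 'Negotiate,NTLM' }
    $sso  = [pscustomobject]@{ Status = 401; Challenge = 'Negotiate,NTLM' }
} else {
    $anon = Get-AuthProbe -Url $Url -SendWindowsIdentity $false
    $sso  = Get-AuthProbe -Url $Url -SendWindowsIdentity $true
}
Get-SsoVerdict -Anonymous $anon -Integrated $sso
```

Run it from a domain-joined client while logged on as the affected user, so the identity sent is the one that fails in the browser.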