Installation
Configure the web.config file
- On your Snow License Manager application server, open C:\Program Files\Snow Software\Snow License Manager\Web\web.config.
- Change these settings in the <appSettings> section:
  <add key="UseWindowsAuthentication" value="true" />
  <add key="LDAPUrl" value="[FQDN]" />
- To enable automatic creation of users while using Active Directory integration together with Federated Authentication or to enable Automatic deletion of obsolete users, optionally change these settings in the <appSettings> section:
  Note: The ADServiceAccountName is the [domain]\[sAMAccountName] or the User Principal Name (UPN).
  <add key="ADServiceAccountName" value="[The name of the Active Directory service account]" />
  <add key="ADServiceAccountPassword" value="[The password for the Active Directory service account]" />
For more information on how to correctly enable Windows Authentication in Snow License Manager, see Setting Up Windows Authentication. This is especially important when using the REST API of Snow License Manager, for example, together with Productivity Optimizer (formerly Automation Platform).
An LDAPUrl is required to read the names of Active Directory groups. An LDAPUrl example value is domaincontroller.company.local. This must be the relative Active Directory URL from where groups and users are read.
- The LDAPUrl value enables a Snow License Manager application server that is not an Active Directory member to read Active Directory groups.
- If single sign-on is already enabled in your environment, then <add key="UseWindowsAuthentication" value="true" /> is already entered in web.config. Do not change or remove it if you wish to retain single sign-on and Active Directory integration.
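The following PowerShell is an added example, not Snow Software's own code: it audits the <appSettings> keys named above and, because ADServiceAccountPassword is written into web.config, lists who can read that file when a path is given. The sample XML, the account EXAMPLE\svc-slm and the function name Test-SlmAdSettings are constructed for illustration.

```powershell
# Added example, not vendor code: audit the appSettings keys named on this page.
# Pass -Path to check a real web.config; otherwise the constructed sample is used.
param([string]$Path)
# Constructed sample values, not a real configuration.
$sample = @'
<configuration>
  <appSettings>
    <add key="UseWindowsAuthentication" value="true" />
    <add key="LDAPUrl" value="[FQDN]" />
    <add key="ADServiceAccountName" value="EXAMPLE\svc-slm" />
    <add key="ADServiceAccountPassword" value="constructed-sample-value" />
  </appSettings>
</configuration>
'@

function Test-SlmAdSettings {
    param([xml]$Config)
    $settings = @{}
    foreach ($node in $Config.SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }
    $findings = @()
    if ($settings['UseWindowsAuthentication'] -ne 'true') {
        $findings += 'UseWindowsAuthentication is not "true".'
    }
    $ldap = $settings['LDAPUrl']
    if ([string]::IsNullOrWhiteSpace($ldap) -or $ldap -match '^\[.*\]$') {
        $findings += 'LDAPUrl is empty or still a placeholder.'
    }
    $hasName = -not [string]::IsNullOrWhiteSpace($settings['ADServiceAccountName'])
    $hasPwd  = -not [string]::IsNullOrWhiteSpace($settings['ADServiceAccountPassword'])
    if ($hasName -ne $hasPwd) {
        $findings += 'Only one of ADServiceAccountName/ADServiceAccountPassword is set.'
    }
    if ($hasPwd) {
        # Never echo the value itself; only report that a secret lives in this file.
        $findings += 'ADServiceAccountPassword is stored in web.config: review the file ACL.'
    }
    $findings
}

if ($Path) {
    $xml = [xml](Get-Content -LiteralPath $Path -Raw)
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
} else {
    $xml = [xml]$sample
}
Test-SlmAdSettings -Config $xml
```

Run against the constructed sample, the function reports the placeholder LDAPUrl and the stored password; the ACL listing only appears when -Path points at an existing file.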
Create and add users to an Active Directory security group
- In Active Directory, create a security group with a unique name.
- Add users to the group.
- Groups and users created in Active Directory are synchronized with Snow License Manager, not vice versa.
- Active Directory groups with the following names are by default not included in the synchronization:
  - Administrators
  - License Administrators
  - Viewers
  - API Users
  For more information, see Enable or disable synchronization of Active Directory groups.
Configure Snow Management and Configuration Center
All users in an Active Directory group are allowed to sign in to Snow License Manager. When a user signs in to Snow License Manager for the first time, a user account is created in Snow Management and Configuration Center.
If the group is excluded from Active Directory synchronization, the above does not apply. For more information, see Enable or disable synchronization of Active Directory groups.
To control what users can see and do, configure Role/AD groups in Snow Management and Configuration Center and define the Active Directory groups that will be used:
- Open and sign in to Snow Management and Configuration Center.
- If a Service Provider Edition of Snow License Manager is used, select the customer for which you want to define a group.
- On the Security menu, select Roles/AD groups.
- Select New Role/AD group.
- In the Name box, enter the name of the Active Directory group that you want to use. The name must match the group name in Active Directory.
- In the Description box, enter a useful description that helps you remember what this group is for.
- On the Object Security tab, select all checkboxes that apply.
- On the Report Security tab, select all checkboxes that apply.
- Select OK.
Sign in to Snow License Manager
When Active Directory users and security groups are integrated with Snow License Manager to manage users and roles via Active Directory, users must sign in using their [domain]\[sAMAccountName] or their User Principal Name (UPN).
When a user signs in to Snow License Manager for the first time, their Snow License Manager user account is created in Snow Management and Configuration Center, under Security and Users. They are also added to the Snow Management and Configuration Center roles that match their Active Directory group memberships. Their user name is the [domain]\[sAMAccountName] or the User Principal Name (UPN), and the other information is read from Active Directory.