Introduction
Kepion provides simple but secure access through single sign-on (SSO) with Windows. This article shows how to set up SSO with Windows, allowing you to better manage and secure your users' login credentials.
Account types
There are two types of Windows accounts with which you can sign in to Kepion:
- Domain account: Domain accounts (domain-name\username) are when a user's login credentials are stored on a domain controller. The Kepion web server must be joined with the customer's domain for users to sign in with their domain account. Contact your IT department if you cannot access Kepion with your domain account.
- Local machine account: Local machine accounts (machine-name\username) are when a user's login credentials are stored on the machine. We create local machine accounts in certain situations or for specific users. For example, we have created local machine accounts for users to access an app before it goes live. Another example is that we can create a local machine account for our admin to access Kepion when there's an issue with the domain connection.
Configuration
1. Go to Windows and select Edit.
2. Select Enable for sign-in.
3. Select your preferred option from the Mode dropdown:
- Windows Standard: Users can use Integrated Windows Authentication (IWA) or sign in with their entered Windows credentials.
- Windows Limited: Users can sign in with their entered Windows credentials.
4. (Optional) Enter a number in hours for Session Timeout. If left empty, the session timeout is set to 168 hours (7 days).
Tip: Enter decimals if you need to set the session timeout to smaller units than hours (e.g., 7.5 hours for 7 hours and 30 minutes).
5. Select Save.
Next steps
You're all done! Ensure users test their Kepion access to verify you've configured SSO correctly.