Setting up Active Directory Integration

This guide is for systems that wish to use Active Directory to manage users and group memberships.  Forms inMotion can automatically create users and assign them to appropriate groups to mimic your Active Directory configuration if the following steps are followed.

Step-by-step guide

  1. Open Internet Information Services (IIS) Manager
  2. Select Authentication in the right-hand menu
  3. Select "Anonymous Authentication" and click "Disable" on the far-right side menu, then select "Windows Authentication" and click "Enable" in the far-right side menu.  When complete, the authentication pane should look similar to this:
     
  4. If you don't see Windows Authentication in that list, don't panic... it is not installed in IIS by default.  You can add the Windows Authentication Role Service with these instructions from Microsoft. http://www.iis.net/configreference/system.webserver/security/authentication/windowsauthentication/providers/add
  5. Now you need to tell the FiM Server to use AD Authentication.  This is done by adding a node called authenticationmethod to the web.config file.  Make sure you specify the default instance.  Using the 10000 default will be fine for most cases, but you will get an invalid licensing warning otherwise.  An example of this is in the full web.config file seen below:

    <?xml version="1.0"?>
    <configuration>
      <configSections>
        <section name="formsinMotionConfiguration" type="KeyMark.Forms.Settings.FormsinMotionConfiguration, FormsBuilderServer, Version=1.7.0.639, Culture=neutral, PublicKeyToken=null"/>
      </configSections>
      <formsinMotionConfiguration xmlns="urn:FormsBuilderServer">
        <!-- Step 5: use Active Directory authentication and specify the default instance -->
        <authenticationmethod type="ad" addefaultinstance="10000" domain="DOMAINNAME"/>
        <debug debugfile="c:\formsserverdebug.txt" level="4"/>
        <email smtpserver="****" smtpport="25" smtpuser="" smtppass="" smtpsenderaddress="FORMS-INMOTION-DO-NOT-REPLY@*****"/>
        <queryDefinitions>
        </queryDefinitions>
      </formsinMotionConfiguration>
      <connectionStrings>
        <add name="formsserver" providerName="System.Data.SqlClient" connectionString="Data Source=*****; Initial Catalog=*****;User Id=*****;Password=*****;"/>
      </connectionStrings>
      <system.web.extensions>
        <scripting>
          <webServices>
            <jsonSerialization maxJsonLength="2147483647"/>
          </webServices>
        </scripting>
      </system.web.extensions>
      <system.web>
        <webServices>
          <protocols>
            <add name="HttpPost"/>
          </protocols>
        </webServices>
        <!-- ASP.NET side of the Windows Authentication setting enabled in IIS (step 3) -->
        <authentication mode="Windows"/>
      </system.web>
      <system.webServer>
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    </configuration>
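
As an added example (not part of the original guide or of Forms inMotion), the following Python check parses a web.config and reports whether the settings from step 5 are in place. The two sample configurations are constructed, and treating DOMAINNAME as an unreplaced placeholder is an assumption.

```python
import xml.etree.ElementTree as ET

# Namespace declared on <formsinMotionConfiguration> in the guide's web.config.
FIM_NS = {"fim": "urn:FormsBuilderServer"}


def check_ad_config(web_config_xml):
    """Return a list of problems (str or bytes input); empty means the AD settings are complete."""
    problems = []
    root = ET.fromstring(web_config_xml)

    # The FiM section sets a default namespace, so its children must be looked up
    # with that namespace; a plain find("authenticationmethod") would miss them.
    node = root.find("fim:formsinMotionConfiguration/fim:authenticationmethod", FIM_NS)
    if node is None:
        problems.append("authenticationmethod node is missing")
    else:
        if node.get("type", "").lower() != "ad":
            problems.append('authenticationmethod type is not "ad"')
        if not node.get("addefaultinstance", "").strip():
            problems.append("addefaultinstance (default instance) is not specified")
        # Assumption: DOMAINNAME is the guide's placeholder, not a real domain name.
        if node.get("domain", "").strip() in ("", "DOMAINNAME"):
            problems.append("domain is empty or still the DOMAINNAME placeholder")

    # <system.web> sits outside the FiM namespace, so no prefix is used here.
    auth = root.find("system.web/authentication")
    if auth is None or auth.get("mode") != "Windows":
        problems.append('system.web/authentication mode is not "Windows"')
    return problems


# Constructed samples, trimmed to the elements this check reads.
GOOD = """<?xml version="1.0"?>
<configuration>
  <formsinMotionConfiguration xmlns="urn:FormsBuilderServer">
    <authenticationmethod type="ad" addefaultinstance="10000" domain="CORP"/>
  </formsinMotionConfiguration>
  <system.web><authentication mode="Windows"/></system.web>
</configuration>"""

# Same file with the default instance removed, the placeholder domain, and Forms auth.
BAD = (GOOD.replace(' addefaultinstance="10000"', "")
           .replace("CORP", "DOMAINNAME")
           .replace("Windows", "Forms"))

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, check_ad_config(sample) or "OK")
```

To check a deployed file, pass its contents read in binary mode, for example `check_ad_config(open(path, "rb").read())`.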


To have an administrator account in a newly configured AD environment, first log in with the desired AD credentials to create a related FiM account. Then, using the instance manager, set your newly added account as an administrator.