Configuring SPNEGO single sign-on for i2 Analyze

When you configure i2 Analyze to Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) single sign-on, users can access i2 Analyze without having to enter their credentials again. The users and groups in Active Directory become the users and groups that i2 Analyze recognizes and uses to drive authorization.

Intended audience

This section is intended for readers who are familiar with configuring and managing domain controllers, Microsoft Active Directory, and have an understanding of SPNEGO single sign-on.

There are many different single sign-on technologies. This section defines a SPNEGO single sign-on setup with workstations that are members of the same Microsoft Active Directory domain. i2 Analyze uses the users and groups in Active Directory to determine the authorization of users.

The instructions assume that the following prerequisites are installed and accessible:

  • A Microsoft Windows Server running an Active Directory Domain Controller and associated Kerberos Key Distribution Center (KDC).

  • A Microsoft Windows domain member (client) with a web browser that supports the SPNEGO authentication mechanism.

  • A working deployment of i2 Analyze that can be accessed by users in Active Directory.

For information on the prerequisites, see the Before you begin section of Configuring SPNEGO authentication.

Attention: i2 takes reasonable steps to verify the suitability of i2 Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.