To enable windows authentication for your site you need to configure your IIS site with the following settings.
- Anonymous Authentication - Disabled
- ASP.NET Impersonation - Disabled
- Forms Authentication - Disabled
- Windows Authentication - Enabled
You should also make sure your web.config contains the following:
<authentication mode="Windows" />
If you want to integrate with Active Directory the web server should be a member of the same Active Directory domain as the users of the application.
Active directory sync
If you want to keep the user profile information in Incentive in sync with your AD you should also enable the Active Directory Sync functionality. Just go to the url /manage/daemons/69adf35d-1b87-4363-bb23-8993cbfdb95a in your installation and click the "Enable" button.
Normally you can leave the Domain, Username and Password fields blank, but you should configure the schedule for how often you want the sync to run (running it once a day should be enough). You can also hit the "Run now" button to do a one-time sync.
The AD sync will read the following info from your AD and populate the corresponding fields of the Incentive user profile:
Note that this is a one way sync where data will be read from the AD and update Incentive and not the other way around. The sync will also only populate blank Incentive fields, so that if a user manually updates their Incentive profile it will not be overwritten by the sync.
Checking the "Sync Groups" checkbox will also import any AD groups that your users belong to (and make sure that the group membership of those groups are kept up to date).