NTLM Login
NT LAN Manager (NTLM) is an authentication protocol used in an Active Directory single sign-on scheme. It enables you to set up your system to authenticate a user against a user ID and password held in Active Directory. To use this login method, you must be familiar with NTLM and Active Directory.
When you use NTLM to authenticate, the PRECISION application must be able to identify the users to associate them with roles and permissions. The PRECISION user profile setup contains a field that allows you to specify an alternative ID for that user. The alternative ID must match the user ID in Active Directory. The user can then sign on using the Active Directory user ID, which matches the alternative ID in the PRECISION user profile record.
The alternative ID is also used for punch-out requests and when the Web UI is configured to run in a multi-tenanted hosted mode.
To turn on NTLM login, enable NTLM authentication in the precision.properties file and specify an Active Directory server and a domain. The following example enables NTLM authentication with one server and one domain.
#NTLM authentication properties. Only used when login.method is set to "ntlm".
precision.login.method=NTLM
precision.login.nt.server=192.168.11.49
precision.login.domain=DOMAIN1
In a large organization, you might have several servers for a domain to allow for failover. You might also run multiple domains and enable user access to any number of domains. The following example enables NTLM authentication with two domains and two servers for each domain.
#NTLM authentication properties. Only used when login.method is set to "ntlm".
precision.login.method=NTLM
precision.login.nt.server.europe=cont85.europe.com:cont86.europe.com
precision.login.nt.server.US=cont87.us.com:cont88.us.com
When there are multiple domains, you can also specify a default domain:
precision.login.defaultdomain=europe
Problems arise if Active Directory is not set up properly or it is unclear which server is the domain controller for the organization's domain. In such cases, review the NTLM and Active Directory settings. Also verify that the user ID authenticated by Active Directory exactly matches the alternative ID in the PRECISION user profile, since a user who authenticates successfully but has no matching alternative ID cannot be associated with roles and permissions. Use log4j to log each authentication as it takes place so that failures can be traced to the configuration step that caused them.
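The following is an added example, not code from PRECISION or its documentation. It reads the two property layouts shown above (one server and one domain; several domains with colon-separated failover servers plus a default domain), works out which domain and which servers a given login would be checked against, and then maps the authenticated Active Directory user ID to a PRECISION user profile through the profile's alternative ID, logging each step as the last paragraph recommends. The property names are taken from the page; the `.properties` parsing rules, the `DOMAIN\user` login form, the assumption that servers are tried in the listed order, case-insensitive matching of user and domain names, and the sample profile table are all assumptions made for the example.

```python
"""Added example (not PRECISION's own code): resolve NTLM login properties and
map an AD user ID to a PRECISION profile via its alternative ID.
Property names are from the documentation; everything else is assumed."""

import logging
from typing import Dict, List, Optional, Tuple

log = logging.getLogger("precision.login")  # hypothetical logger name

SERVER_KEY = "precision.login.nt.server"

# Constructed samples, copied from the two examples in the documentation.
SINGLE_DOMAIN_TEXT = """\
#NTLM authentication properties. Only used when login.method is set to "ntlm".
precision.login.method=NTLM
precision.login.nt.server=192.168.11.49
precision.login.domain=DOMAIN1
"""

MULTI_DOMAIN_TEXT = """\
#NTLM authentication properties. Only used when login.method is set to "ntlm".
precision.login.method=NTLM
precision.login.nt.server.europe=cont85.europe.com:cont86.europe.com
precision.login.nt.server.US=cont87.us.com:cont88.us.com
precision.login.defaultdomain=europe
"""

# Constructed PRECISION user profiles: profile ID -> alternative ID (the AD user ID).
USER_PROFILES = {"jsmith01": "jsmith", "akumar02": "akumar"}


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal .properties reader: skip blank lines and '#' comments, split on the first '='."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def domain_servers(props: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each domain (lower-cased) to its servers in the listed order.

    Assumptions: the first server is tried first and the rest are failover
    candidates; hosts are ':'-separated as in the documentation's example;
    stray whitespace around a host ('a.com: b.com') is tolerated."""
    servers: Dict[str, List[str]] = {}
    for key, value in props.items():
        if key == SERVER_KEY:                      # single-domain form
            domain = props.get("precision.login.domain", "")
        elif key.startswith(SERVER_KEY + "."):     # per-domain form: ...nt.server.<domain>
            domain = key[len(SERVER_KEY) + 1:]
        else:
            continue
        servers[domain.lower()] = [h.strip() for h in value.split(":") if h.strip()]
    return servers


def resolve_login(login: str, props: Dict[str, str],
                  servers: Dict[str, List[str]]) -> Tuple[str, str, List[str]]:
    """Split 'DOMAIN\\user', or use the default domain for a bare user ID.

    Returns (domain, user_id, server_list). Raises ValueError when no server
    is configured for the domain, which is the 'domain server unclear' case."""
    if "\\" in login:
        domain, user = login.split("\\", 1)
    else:
        domain = props.get("precision.login.defaultdomain") or props.get("precision.login.domain", "")
        user = login
    domain = domain.lower()
    if domain not in servers:
        log.error("NTLM login %r: no server configured for domain %r", login, domain)
        raise ValueError(f"no NTLM server configured for domain {domain!r}")
    log.info("NTLM login %r -> domain %r, servers %s", login, domain, servers[domain])
    return domain, user, servers[domain]


def profile_for(ad_user_id: str, profiles: Dict[str, str]) -> Optional[str]:
    """Return the PRECISION profile whose alternative ID equals the AD user ID.

    Assumption: Active Directory user IDs are compared case-insensitively."""
    for profile_id, alternative_id in profiles.items():
        if alternative_id.lower() == ad_user_id.lower():
            return profile_id
    log.warning("AD user %r authenticated but no profile has a matching alternative ID", ad_user_id)
    return None


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    props = parse_properties(MULTI_DOMAIN_TEXT)
    servers = domain_servers(props)
    domain, user, hosts = resolve_login("US\\akumar", props, servers)
    print(domain, user, hosts, profile_for(user, USER_PROFILES))
```

Running the block resolves `US\akumar` to the `us` domain with its two servers and finds profile `akumar02`; a login in a domain with no `precision.login.nt.server.<domain>` entry raises an error and is logged, and an authenticated user with no matching alternative ID returns `None` with a warning, which is the mismatch the last paragraph asks you to check for.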