Explicit Authentication For Reports

Version 3

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.x



    This document goes over configuring explicit authentication for Reporting in LDMS. This impacts web-viewed reports, such as reports run from the web console, and ERP Reports.




    Open IIS Manager and drill down to the "remote" site.


    Select the "Report" folder under the "Remote" site.


    Double click the "Authentication" action item and then right click "Basic Authentication" and click "Enable". Right click "Windows Authentication" and select "Disable"




    Head back to the "Report" folder and select "Authorization Rules". This is where you'll configure access.


    By default there will be an Allow rule for All Users. Go ahead and right click that and then remove it.


    Next, right click the open space and select "Add Allow Rule". In here, you can allow specific users, specific groups, roles, etc. In the example below I'm allowing domain administrators.



    After this is done, you should now see that people attempting to access web reports are prompted to login. If they don't meet the criteria in the authorization rules, access will be denied. Below is an example of both when accessing an ERP Report, one with a member of Domain Admins, and one with a user that is not.








    Note that the full impact of switching to Basic Authentication has not yet been measured. If you run into any issues, please inform Ivanti Support.