BigTime supports an "integrated" login style which will allow the user to connect to the website based on their internal corporate network login. BigTime uses several features that are built in to IIS to accomplish this goal, so using integrated login is a little more complicated than using any of the other login styles. Here's a quick review of what you'll need to do to use that login style.
By default, BigTime uses the anonymous internet user to connect to the website. In other words, IIS doesn't care what your network login is, it grants you permission to see the website pages. We do this because the very first screen we show you (and the only screen you have rights to see initially) is the "login" page. Unless you login properly, BigTime won't let you see the rest of the site.
When you switch to integrated login style, you're asking BigTime to ignore the login page and substitute the user's network login as their "identification." If, for example, I'm logged into the corporate network as ABCCompany/JSmith, then BigTime should assume I'm JSmith and let me into the system as him (without making me enter my user name and password).
The first step in this process is telling the web server that it should allow ONLY users who are logged into the network to gain access to the website. You do that by switching the IIS "security" settings to use "windows integrated authentication" and not "anonymous access." You can make that switch in the Directory Security tab of your main BigTime folder's properties within IIS. Make sure you turn OFF anonymous access at the same time you turn ON integrated authentication.
BigTime grants the windows anonymous user the system rights it needs in order to run the program automatically as a part of the setup. If you're switching to integrated access, you'll need to make sure everyone who will need login access to BigTime is a valid user on the BigTime server and that they have the correct security rights for the files/folders BigTime needs.
We strongly recommend you create a security group with the following access rights and then make each new user on the system a member of that security group. This will ensure that each new user has all of the file/system rights they need in order to run the system properly.
The files that are installed by BigTime need to be accessed by your IIS user. We grant that user rights to these various directories when you install BigTime, Occasionally, however, the security settings on a server can be reset or altered.
If your system security settings need to be reset, then make sure that your internet user has the following minimum directory rights:
Type |
Location/Folder** |
Permission Required |
File |
c:\Program Files\BigTime\IIS
|
Read/Execute |
File |
c:\Program Files\BigTime\IIS\HTML\errors
|
Modify (read/write/etc.) |
File |
c:\Program Files\BigTime\IIS\HTML\log
|
Modify (read/write/etc.) |
File |
c:\Program Files\BigTime\IIS\HTML\lookups
|
Modify (read/write/etc.) |
File |
c:\Program Files\BigTime\IIS\HTML\TxnList
|
Modify (read/write/etc.) |
Registry |
HKLM\Software\Edison's Attic
|
Full Control |
File |
[Windows System]
|
Read/Execute |
File |
[Windows]
|
Read/Execute |
** Permissions should be applied to the main folder as well as its sub folders/files. |
Once you set the login style to "windows integrated," each staff member's General Info page will have a field for you to enter the network login for that staff member. Fill in the network user name (typically in the format [Domain]\[UserName]) for each of your staff members in order to set them up for an integrated login.
If a user's network login isn't spotted in the staff table, then BigTime won't let them login to the system. It will, instead, let them know that their user name isn't listed as a valid login. Note that you can use that login failure screen to determine exactly what login the system is seeing when the user logs in!
See Also |