Enabling single sign-on to SharePoint 2007
SharePoint 2007 asks you to log in each time you visit a site or open a document. If your computer uses Microsoft Windows, you may be able to enable single sign-on to eliminate the need to log in to SharePoint. Single sign-on automatically uses the same credentials you used to log in to your computer to log you in to SharePoint. For this to work, two conditions must be met:
- Your computer must have been registered as a member of Boston University’s Active Directory. Most University-owned Windows-based computers are so registered, but you can easily check by following these steps:
- Click on the Start button in the lower left corner of your screen.
- Find My Computer or Computer in the right half of the menu that appears and right-click on it.
- In the drop-down menu that appears, left-click on Properties.
- In the window that appears, within the section about about your Computer Name, find the line labeled Domain:
- If you see ad.bu.edu or ad2.bu.edu your computer is a member of BU’s Active Directory.
- You must log in to your computer using your Active Directory account rather than an account local to your computer. Permissions in SharePoint are assigned to your Active Directory account, so the logins must match.
If you meet the conditions above, follow the instructions below to configure your browser — Internet Explorer (IE provides the most SharePoint functionality), Mozilla Firefox, or both — for single sign-on to SharePoint.
If your computer is not a member of BU’s Active Directory, you may still be able to reduce the number of times you are asked to authenticate. E.g., if you will be viewing several Word documents on SharePoint, keeping one of them open while you open and close others should reduce authentication requests.
Microsoft Internet Explorer (IE)
Enable single sign-on by adding BU’s SharePoint server to your Intranet Sites:
- Open Internet Explorer and, in the Tools pull-down menu, click on Internet Options.
- Within the Security Tab, choose Local intranet and then click the Sites button.
- Click the Advanced button.
- In the box at the top, labeled “Add this website to the zone:” enter the following address: https://share.bu.edu
- Click the Add button, then the Close button, then click OK to return to the Internet Options panel.
- Still within the Security tab, click the Custom level… button (bottom center) and scroll to the end of the list of settings. Under User Authentication, select Automatic logon only in Intranet zone. (This setting might not always work for people who use their AD2 password for authentication. If it doesn’t work for you, try selecting Automatic logon with current user name and password, instead.)
- Click OK, then OK again to close the remaining windows.
With Internet Explorer still open, ensure that Integrated Windows Authentication is enabled:
- Again in the Tools pull-down menu, click on Internet Options.
- Within the Advanced tab, scroll down to the Security section and make sure that the box for “Enable Integrated Windows Authentication” is checked. If it is not already checked, check it and then you must close and restart Internet Explorer before the change will take effect.
Note that Firefox does not provide all the functionality of Internet Explorer; e.g, you can edit documents directly from within IE, but not from other browsers. Whenever possible, use IE to access SharePoint.
- Open Firefox and, in the address bar where you would normally enter the website you wish to visit, enter about:config and press Enter.
- Enter network.automatic-ntlm-auth.trusted-uris in the Filter box at the top of the page.
- Double-click on the result, network.automatic-ntlm-auth.trusted-uris, to edit it.
- Enter share.bu.edu and click OK. If you have already defined other names in this list, you must separate each name with a comma (no space).
Once you have successfully configured your browser(s), you should no longer be prompted to log in to SharePoint.