About Windows Authentication Manager

The Windows Authentication feature allows users to log in to the AMS web interface using their existing Windows network user names and passwords. To enable this, you must install Authentication Manager on a local machine in your environment that validates a user’s credentials with the local Windows subsystem.

NOTE

When your organization uses Authentication Manager, user passwords are not synchronized from Active Directory to the data center. Authentication Manager validates credentials against the local Windows subsystem.

Depending on whether the credentials are valid, Authentication Manager takes various actions:

  • If the user’s credentials are correct according to the local Windows subsystem, the Authentication Manager reports this to the data center, and the user is allowed to log in to the Email Continuity web interface.
  • If the Windows subsystem determines that the login credentials are invalid, Email Continuity (and Windows, if applicable) increments the failed login count by one, and access to Email Continuity is denied.
  • If the Windows subsystem cannot determine if the login credentials are valid or invalid, the validation request is passed to a different Authentication Manager. The request is discarded if none of the Windows subsystems can determine if the credentials are valid or invalid, or if two minutes elapse, whichever comes first.

For more information, see Authentication Manager Status and Windows Authentication Prerequisites.