Creating administrative users in Composite

This document describes how new users are created in Composite on sites that use Windows Integrated Authentication. The process depends on the way the Composite solution is hosted.

Sites that use Forms authentication do not require the steps described below - please consult the Composite User Manual on how to administrate users on sites that use Forms authentication.

When Composite is hosted by an ISP

If your Composite solution is hosted by an ISP you should contact the ISP to get new logins. The steps needed in order to create a new user require administrative privileges to the server, which only the ISP has.

Creating the user

When creating a new user, you need to determine if the user already own a valid Windows account that can be used.

In Intranet environments the user desktops and the Intranet web server typically live in the same Active Directory, and as such a valid Windows account exists. If you are uncertain weather this is the case, you should check what domain the server hosting Composite belongs to.

Typically servers located in a DMZ are unable to communicate with the corporate Active Directory. Is this case, users Windows accounts are typically located on the local server (managed by selecting “Manage” on “My Composite” while logged on to the server).

Step 1, creating a Windows account

If the user already owns a valid Windows account that the Composite server can recognize, this step can be skipped.

Create the user, either on the local server on the Active Directory the server belongs to. If the server is configured to run in a work group, create the user locally.

Step 2, add the user to the Composite user list

Log in to the Composite administrative module, browse to the Users tab and click the “Add user” icon in the toolbar.

Specify the users name in the “Name” field and Windows login in the “Windows login” field.

Specify any special privileges the user should have in Composite (please see the User Manual for details) and save.

At this point the user should be able to login to Composite administrative module

Technical background

Composite does not contain its own username / password database, but instead uses Windows Authentication to authenticate users. This means that for a user to gain access to the administrative module of Composite the user must be able to authenticate against the Windows Server as a minimum.

Once the user has been authenticated by Windows, Composite will query its local user list to see if a user with a matching Windows Login exists. The Composite user list is located on the “Users” tab in the administrative module.

When the Windows Authentication takes place, the user is either authenticated as a user on the Local machine or as a user in the Active Directory.

Microsoft Internet Information Server is responsible for the authentication. The actual user database being used (local vs. Active Directory) depends on the server / IIS configuration. Typically servers located in a DMZ are unable to communicate with the corporate Active Directory, in which case the only option is to store the users on the local systems.

Using the IIS Management Console, you can view the “Directory Security” settings for the IIS Application “Administration” and see what method of authentication is used, what default domain is used if Basic Authentication is used etc.

You can read more about IIS Authentication here:

• http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iiauths.htm
• http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconIISAuthentication.asp
• http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx