RapidIdentity Product Guide

Active Directory Configuration

  1. Create a user in Active Directory to handle Kerberos Authentication. The only requirements for this service account are:

    1. Select the option to prevent the user from changing their password

    2. Select the option to indicate that the user’s password never expires

    3. Select the option to not require Kerberos pre-authentication

  2. To add a Service Principal Name mapping for the service account, execute the following command in PowerShell:

    1. setspn -a HTTP/{RapidIdentityURL} {KerberosUsername}

      1. RapidIdentityURL: The FQDN of your RapidIdentity server, for example “www.example.com”

      2. KerberosUsername: The username of the service account created previously in step 1
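
To confirm the result of steps 1 and 2, the following PowerShell check can be run from a domain-joined machine. It is an added example, not part of the RapidIdentity guide. It assumes the ActiveDirectory (RSAT) module is installed; svc-rapididentity stands in for {KerberosUsername} and www.example.com for {RapidIdentityURL}.

```powershell
# Added example: verify the Kerberos service account after steps 1 and 2.
# Assumption: the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

$KerberosUsername = 'svc-rapididentity'   # placeholder for {KerberosUsername}
$RapidIdentityURL = 'www.example.com'     # placeholder for {RapidIdentityURL}
$ExpectedSpn      = "HTTP/$RapidIdentityURL"

$props = 'CannotChangePassword', 'PasswordNeverExpires', 'DoesNotRequirePreAuth',
         'ServicePrincipalNames', 'PasswordLastSet', 'MemberOf'
$acct  = Get-ADUser -Identity $KerberosUsername -Properties $props

# Step 1: the three account options, plus the SPN mapping from step 2.
$checks = [ordered]@{
    'User cannot change password'    = $acct.CannotChangePassword
    'Password never expires'         = $acct.PasswordNeverExpires
    'Kerberos pre-auth not required' = $acct.DoesNotRequirePreAuth
    "SPN $ExpectedSpn on account"    = $acct.ServicePrincipalNames -contains $ExpectedSpn
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# Step 2: an SPN must map to exactly one object in the forest, otherwise
# ticket requests for the service fail. Report every object that holds it.
$owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$ExpectedSpn)" `
                         -Properties sAMAccountName)
if ($owners.Count -ne 1) {
    Write-Warning "$ExpectedSpn is registered on $($owners.Count) objects"
    $owners | Select-Object sAMAccountName, DistinguishedName
}

# Review items: with pre-authentication disabled and a non-expiring password,
# the password's strength is the main protection against offline guessing, so
# the account should have a long random password and no privileged memberships.
'Password last set : {0}' -f $acct.PasswordLastSet
'Group memberships : {0}' -f @($acct.MemberOf).Count
$acct.MemberOf
```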