Information on Unified Login (sometimes referred to as Integrated Windows Security)

When using the Clarify Classic Client:

Unified Login (sometimes referred to as Integrated Windows Security) is a very useful feature built in the base Clarify product. It is only available for Windows clients, and only if the database is Microsoft SQL Server. But if you have this configuration, you might consider Unified Login.

Unified Login allows you to use your domain login (the login credentials you provided when you logged in to Windows) to log in to the Clarify system. It requires your domain user name be the same as your Clarify login name. If it is not, you cannot use this feature. When you use the feature, Clarify will automatically log in to the database for you. It is important to note the domain password and the Clarify password do NOT have to be the same. Only the user names must be the same.

To use Unified Login, you must do the following:

1.  Be using a Windows client.

2.  Be using MS SQL Server as your database.

3.  Configure your database (in Enterprise Manager) to use Integrated Security. There is full documentation for this in SQL Server.

4.  Add the auto_login line in your clarify.env file (auto_login=TRUE), but do NOT add your db_password line (db_password=<your password here>). When Clarify sees the auto_login line without a password, it knows to attempt Unified Login. Note that you must also have the login_name, server_name, and db_name parameters set in the clarify.env file.

Note: there are potential security issues with this. If you do not set up your domain security correctly (if you allow individual users to create new login IDs on their machines), you can have a security breach. For example, suppose that Joe and Fred both have login IDs in Clarify. Further suppose that Fred can create new users on his machine. If he creates one named “Joe” (with any password, remember that Unified Security does not validate passwords), then he can log in to Clarify as Joe. So it is crucial that if you use this feature that you properly set up your domain security.

When using the Dovetail SDK:

The FCSession object has a PasswordRequired property.

This property allows you to disable password validation when logging in
using the Login method. By default, this property is set to True,
meaning that a valid password must be supplied to the Login method. If
this property is set to False, then the login name is validated, but the
password is not. This property is useful when developing applications
that use their own validation mechanisms, such as an LDAP server.

• Dovetail SDK – Dovetail Software Development Kit for Clarify