With this authentication scenario, Users and Groups are created inside Kyubit application, by Kyubit administrator.
Kyubit User is prompted to enter his Kyubit credentials into login form, with option to be remembered by application (not having to supply credentials each time).
It is ideal authentication option, if preferred to avoid Windows account creation for end-users, for any reason.
If BI content is served over internet to outside users that are not part of the domain, this is recommended approach.
Recommended to be used with HTTPS.
Because certain data sources require Windows account to connect to data (SSAS, for example). Each Kyubit User could have optionally associated Windows account to be used while accessing data sources.
If Windows account is not associated, Windows account of Kyubit Application Pool in IIS will be used to access such data sources.
Ideal approach for access by external users, avoiding Windows account creation for each external user.
Easy to manage users and groups by Kyubit administrator.
Optionally associate Windows account to apply OLAP role based security.
How to configure
- First, while you are still working with Windows authentication, create initial Kyubit user and assign him administrative privilege. Administration -> Users -> Create User. Click on the user -> Set Admin Rights.
- Open your IIS -> Sites -> KyubitAnalysis -> Authentication. Enable 'Anonymous Authentication', while disable other authentication options.
Right click on 'Anonymous Authentication' -> Edit -> Set 'Application Pool Identity'
- Open your web.config file (C:\Program Files\Kyubit\BusinessIntelligence) and set "LoginForm" setting to "2".
<add key="LoginForm" value="2" />
- Login with created Kyubit user.