6.6.6. Single Sign-On

Single Sign-On (SSO) is an additional feature of Active Directory that allows users to log in to Windows once, and then login to MediaWorks DX™ directly from a URL or by checking a box on the login prompt. The recorder will check with the domain for authentication and log the current Windows user into the system.

For users to log in with SSO, it must be enabled on the recorder. Enabling or disabling SSO will require a recorder reboot to take effect.

To use SSO the recorder must have a fully qualified domain name (FQDN), such as NLRecorder.contoso.net because Active Directory authenticates against the FQDN and not an IP address.

Domain Settings - Single Sign-On

Fig. 6.8 Domain Settings - Single Sign-On

To enable SSO, navigate to Users and Security → Active Directory → Domain Settings then check the Enable Single Sign-On checkbox and reboot the recorder. To disable, uncheck the box and reboot.

Single Sign-On support is browser dependent and each browser may have different security configurations to support it. Included in the next sections are configuration options for the most common web browsers.

6.6.6.1. Brave Browser

The Brave browser can be configured by editing the registry directly on a PC, or by deploying the registry change to multiple workstations via Group Policy.

Use HKLM to apply the setting to all users of the PC, or HKCU for specific users. For the value, you can separate multiple server names with commas. Wildcards (*) are allowed.

Table 6.1 Brave Browser Registry Settings

Registry Hive

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER

Registry Path

Software\Policies\BraveSoftware\Brave

Value Name

AuthNegotiateDelegateWhitelist

Value Type

REG_SZ

Example Value

NLRecorder.contoso.net, recorder.contoso.net

6.6.6.2. Google Chrome

Google Chrome can be configured by editing the registry directly on a PC, or by deploying the registry change to multiple workstations via Group Policy.

Use HKLM to apply the setting to all users of the PC, or HKCU for specific users. For the value, you can separate multiple server names with commas. Wildcards (*) are allowed.

Table 6.2 Google Chrome Registry Settings

Registry Hive

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER

Registry Path

Software\Policies\Google\Chrome

Value Name

AuthNegotiateDelegateWhitelist

Value Type

REG_SZ

Example Value

NLRecorder.contoso.net, recorder.contoso.net

6.6.6.3. Microsoft Edge (Chromium)

The Chromium based Microsoft Edge browser can be configured by editing the registry directly on a PC, or by deploying the registry change to multiple workstations via Group Policy.

Use HKLM to apply the setting to all users of the PC, or HKCU for specific users. For the value, you can separate multiple server names with commas. Wildcards (*) are allowed.

Table 6.3 Microsoft Edge (Chromium) Browser Registry Settings

Registry Hive

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER

Registry Path

Software\Policies\Microsoft\Edge

Value Name

AuthNegotiateDelegateAllowlist

Value Type

REG_SZ

Example Value

NLRecorder.contoso.net, recorder.contoso.net

6.6.6.4. Mozilla Firefox

The Mozilla Firefox browser can be configured by editing the registry directly on a PC, deploying the registry change or Firefox template to multiple workstations via Group Policy, or directly within the Firefox interface.

Firefox Interface

  1. Open Mozilla Firefox and navigate to the URL: about:config.

  2. If a warning page appears with the message: Proceed with Caution, click Accept the Risk and Continue.

  3. Locate and double-click on the network.automatic-ntlm-auth.trusted-uris.

  4. In the value field, enter the URL address used to access the recorder (ex. NLRecorder.contoso.net). For the value, you can separate multiple server names with commas.

  5. Click .

  6. Locate and double-click on the network.negotiate-auth.trusted-uris.

  7. In the value field, enter the URL address used to access the recorder (ex. NLRecorder.contoso.net). For the value, you can separate multiple server names with commas.

  8. Click .

  9. Exit and reopen Firefox.

Firefox Registry

Configuring Firefox via the Windows registry requires an addition to two paths.

Table 6.4 Mozilla Firefox Browser Registry Settings - NTLM

Registry Hive

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER

Registry Path

Software\Policies\Mozilla\Firefox\Authentication\NTLM

Value Name

1 (increase number for each entry)

Value Type

REG_SZ

Example Value

NLRecorder.contoso.net

Table 6.5 Mozilla Firefox Browser Registry Settings - SPNEGO

Registry Hive

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER

Registry Path

Software\Policies\Mozilla\Firefox\Authentication\SPNEGO

Value Name

1 (increase number for each entry)

Value Type

REG_SZ

Example Value

NLRecorder.contoso.net