Support

Support for business applications

Kaspersky Security Center 14

Kaspersky Security Center Web Console

Configuring domain authentication by using the NTLM and Kerberos protocols

Kaspersky Security Center
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Configuring domain authentication by using the NTLM and Kerberos protocols

April 17, 2024

ID 210700

Get as PDF

Kaspersky Security Center 14.2 enables you to use domain authentication in OpenAPI by using the NTLM and Kerberos protocols. Using domain authentication allows a Windows user to enable secure authentication in Kaspersky Security Center Web Console without having to re-enter the password on the corporate network (single sign-on).

Domain authentication in OpenAPI over the Kerberos protocol has the following restrictions:

  • The user of Kaspersky Security Center Web Console must be authenticated in Active Directory by using the Kerberos protocol. The user must have a valid Kerberos Ticket Granting Ticket (also referred to as a TGT). A TGT is issued automatically when you authenticate to the domain.
  • You must configure Kerberos authentication in the browser. For details, refer to the documentation of the browser you are using.

If you want to use domain authentication by using Kerberos protocols, your network must meet the following conditions:

  • Administration Server must be run under the domain account name.
  • Kaspersky Security Center Web Console Server must be installed on the same device where the Administration Server is installed.
  • You must specify the following Service Principal Names (SPN) for the Administration Server account:
    • "http/<server.fqnd.name>"
    • "http/<server>"

    Here, <server> is the network name of the Administration Server device, and <server.fqnd.name> is the FQDN name of the Administration Server device.

  • When connecting to the Administration Console or Kaspersky Security Center Web Console, the Administration Server address must be specified exactly as the address for which the Service Principal Name (SPN) is registered. You can specify either <server.fqnd.name> or <server>.
  • For a password-free login, the browser process in which the Kaspersky Security Center Web Console is open as browser must run under a domain account.

Kerberos and NTLM protocols are only supported in OpenAPI for Kaspersky Security Center 14.2. They are not supported in OpenAPI for Kaspersky Security Center Linux.

Kaspersky Security Center: Optimization of daily routine tasks
A powerful administration console, with an additional flexible web-based interface that’s available wherever you are. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.