The security audit log of shows login type =8 clear text for username and password. I am completely lost, how this can happen if IIS is set for enabled Windows Authentication with Negotiate as provider (and also Anonymous disabled).
In my case the site we are accessing is something like: https://scom.companyname.com with internal SSL cert.
All we need is single sign on (hopefully this is possible) if user logs in through IE, and not a clear text password.
Hi,
from my perspective it’s fine to use basic authentication if you add an internal certificate to IIS. - It works without problems.
To keep ourselves secure we use dedicated administrative accounts to manage servers and systems. It would be a big disadvantage for if our ‘office user id’ will be taken for a single sign on.
Imagine if an Admin infects his machine with a Virus, it would be terrible because he’d spread it among all machines …
As far I know the links for Open Access do not require any authentication so that just for viewing you’re not bothered with credentials.
Ruben
Squared Up never uses basic authentication or cleartext network logon. The two supported logon types are Windows Authentication or Forms Authentication, so I suspect that these logon events are not related to Squared Up.
Given the sensitive nature of the information, I would suggest opening ticket with the Squared Up support team to see if they can assist further.