Hi Gabe,

Thanks a lot for your response. Agree with your suggestion of launching Blue Prism using the option "Run as different user".  So would it be correct to conclude that using connection mode: WCF Message Encryption with Windows Authentication, it would not be possible to connect to BP server when user has logged in to client VM using local account?

More details on my current setup:

• Have only 1 db connection that uses Windows authentication (service account : let's call it BP01 )to authenticate against database 
• Have only 1 corresponding server connection (default) configured in the app server - BPserver.exe
• Running Blue Prism service with log as set to BP01
• Selected multi-authentication while creating database
• Enabled Active Directory Authentication in Sign-on Settings under Systems tab
• Added BP01 as System Administrator 
• BP01 has admin permissions on the app server as well
• BP version: v7.0

I am not sure if above qualifies to be a true multi-authentication set up, although i did chose that option while creating the database. May I get your help to clarify a bit more on what would be the exact configuration requirement? The documentation says that multiple authentication environments (native+sso) can be configured, but only one can be accessed at a time. Does it mean that I need to configure separate connections for each type of authentication?  It would be extremely helpful if you could provide some insight on how to set up a true multi-authentication environment or point me to document/guide where the steps are provided. The Online help document is helpful but does not provide configuration steps.

Thanks a lot for your help so far.

Regards,
Shruti

------------------------------
Shruti Taywade
------------------------------

@gmarquez​

------------------------------
Shruti Taywade
------------------------------

Hi Shruti,

This has nothing to do with the WCF connection mode. This has to do with the authentication settings. When you are in mixed authentication, you can log in with Blue Prism user credentials or SSO with Active Directory. Since you are logging in locally, you would have to give that local user a Blue Prism credential login; if this user doesn't have Blue Prism credentials then they would have to click on the SSO button to login with Active Directory but this would fail since the local user doesn't have an AD account.

Mixed authentication doesn't mean that you can login as a local user and then use your SSO to connect to Blue Prism. Mixed authentication just gives the administrators the option to either have users login with Blue Prism credentials or SSO with Active Directory. We are offering Mixed Authentication as a way to allow companies who are currently on only Blue Prism Authentication, a way to convert users to SSO with Active Directory.

I hope that helps.



------------------------------
Gabe Marquez
Sr. Technical Consultant, Professional Services
Blue Prism
------------------------------

Hi @Gabe

THats exactly what my expectation is as well.
I.e. I am expecting the user to be able to login to blu prism with native credentials when user is logged in to VM with local account. Whereas when user logs in to VM with ad account should be able to login to blue prism using sso. However the actual behaviour is slightly different. ​The user is able to login to BP using Sso when logged in to VM using AD Account. However when user logs in to VM using Local account is unable to login to BP even with native credentials because of the  error as mentioned in above message.

------------------------------
Shruti Taywade
------------------------------

@gmarquez ​

------------------------------
Shruti Taywade
------------------------------