SharePoint 2016, Sharepoint 2013, Sharepoint 2010, Windows Server 2012, Sql Server 2012,2014,IIS, Active Directory,User Profile Service, Managed MetaData Service, Search Service, Topology, Web Application, IIS, Site collection, List, Library, PowerShell, office web app, Windows Authentication, NTLM, Kerberos, Saml, ADFS, Active Directory Import, MIM, SharePoint 2016 Central Admin – Security – Specify authentication providers – SharePoint

SharePoint 2016 Central Admin – Security – Specify authentication providers

When you click on the Specify authentication providers link, you will be landed on Authentication Providers page. This page will give an option to the SharePoint administrator to change the authentication provider for one web application or multiple.

Specify authentication providers page’s direct link: /_admin/authenticationproviders.aspx

In SharePoint, we want to secure the data and implement a security mechanism. For this SharePoint has a user Authorization and Authentication method, which verify the identity of the users who is trying to login on the SharePoint, then it verifies the permission of the user who trying to access the SharePoint content. In order to authenticate the user, SharePoint user one of the authentication provider which authenticate the user. As per TechNet “An authentication provider issues the authenticated user a security token that encapsulates a set of claims-based assertions about the user and is used to verify a set of permissions that are assigned to the user.” Once user authenticated via provider then SharePoint authorized the user if he has permission to check the requested content or not.

SharePoint support multiple authenticated provider.

  • Windows claims
  • Security Assertion Markup Language (SAML)-based claims
  • Forms-based authentication claims

On this page, we have an option where we can change the authentication provider of a given Application.

Note: If you want to change the authentication provider then make sure infrastructure already in place otherwise if you change the authentication provider, it will not work. I.e. If you want to implement the Windows Claims with Kerberos then make sure Kerberos infrastructure is in place ( SQL configuration for Kerberos, SPN for SharePoint web application). This page only gives you the option to change the authentication provider not to configure it.

On this page, we have other options as well, like enabling anonymous access, enable client integration but these are not the scope of the this article.

To Change Authentication Provider

In this step, we will change the Windows authentication from NTLM to Kerberos, We already created SPN for it. Please follow the below steps.

  • Login to Central admin with account member of farm administrator group and also the local admin on the server.
  • Go to the Security -> Click on Authentication Provider
  • On this page select the correct web application. To change the Web Application click on a drop-down arrow and click Change Web Application.

  • Select the correct the web application. I.e. Public in our example.
  • On this Page, You will see authentication provider for all zone if configured. In our example, we are going to change the Authentication provider Default zone. Click on Default.
  • On this Page, please leave all the following options as is. These are not a scope of this article.
    • Web Application: make sure correct web application selected
    • Zone: make sure correct zone selected
    • Anonymous Access: leave as is, as we are not going to change it.
    • Client Object Model Permissions requirement: leave it default.
  • In the Claim Authentication Type, Please click the drop-down under Integrated Windows Authentication (1) and Click on Negotiate (Kerberos)Leave all other options as is, we are not going to change it to FBA or SAML.
  • Leave Client Integration as is, and Click Save.
  • Now wait a couple of minutes and it will return to Authentication provider page after successful configuration.

This concludes today’s article about how to change the Authentication provider for a web application in SharePoint.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *