Requirement for IIS Basic Authentication role/service

craig_moore · ‎Oct 07, 2020

We are working on an FNMS implementation and getting some push back from IT security on enabling IIS basic authentication with PCI compliance in scope.

Web Server > Security > Basic Authentication (page 88 of install guide)

Web Server > Security > Windows Authentication

Anyone have details on specific details/functionality for requirement of basic authentication and a method to possibly disable?

Thanks

Craig

ChrisG · ‎Oct 07, 2020

If your environment is sufficiently tight that Windows Authentication will be able to be used for all the FlexNet Manager Suite virtual directories that get configured and used on the application server then I think you would be able to avoid installing the Basic Authentication feature. It is typical to use Windows Authentication on virtual directories, so that isn't too unusual.

What is slightly more unusual is not actually having the Basic Authentication feature installed as per the Installation Guide (even if it isn't actually used/enabled on any virtual directories), so you may want to do an install on a test system to verify that it is going to work and look out for any challenges. It is possible that there might be something in the installation process that expects the feature to be installed.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)