Many companies that require the use of Windows Authentication Smart Cards have inquired about SOLIDWORKS PDM integrability into this authentication system. Although PDM is not currently designed to integrate with this authentication system, it is possible to Authenticate with the Smart Card into Windows then use PDM automatic logins to log into the vault. This guide will provide the required information necessary to implement. Limitations of this method of authenticating to PDM will also be discussed.
SOLIDWORKS PDM Configuration Requirements
- Configure the archive server to use Windows Login. This allows Active Directory to sync profile names and passwords with PDM accounts. Set Automatic login to prevent prompts for passwords. Since the user is already authenticated to Windows using Smart Cards, they can simply open their PDM Vault View by double-clicking on the icon without a redundant prompt for a password.
This dialog is found under:
Archive Server Machine > Start Menu > search Archive Server Configuration > Click on Default Settings gear > Default login type to set radio buttons below.
To add the domain group where the PDM user is, Click on “Settings…” button.
Note that if you are using vault-specific settings, you need to open the properties of your vault of interest - as opposed to “Default Settings.”
- Create a PDM user from Domain account.
Open the Administration tool and select “New User”. Click on list users to list the profiles from the active directory group you have configured in step 1. Proceed with the prompts for creating the user.
If creating an administrator provide appropriate PDM administrator permissions. The most important one for a PDM admin is to see the administration tool. Otherwise, the user will be prompted for a password to log in to the Administration tool as someone else that does have permission to see the Administration tool but is not the Windows Smart Card authenticated user.
- Select “Server Default” under Settings in Administration tool. This will allow for automatic login to the Vault View to function. Found in: Administration Tool > Settings.
- The Client should now be able to authenticate into Windows using Smart Card. Then be able to enter their vault view using their authenticated Windows User.
- Note that PDM Standard vaults cannot use Active Directory as part of an intended limitation. This means that in order for the PDM Standard User to log in to the vault view after authenticating in Windows through Smart Card, the password for the “native” PDM account must be used at least once by someone with authority for automatic login thereafter. Depending on your security requirements, this may not be useful if you require full authentication through a Smart Card alone. In this scenario, you need a SOLIDWORKS PDM Professional vault, not a PDM Standard vault.
Opening the SOLIDWORKS PDM Administration tool
Some organizations solely authenticate to their Windows using Smart Cards and do not provide the end-user with passwords. In order for these organizations to access the PDM Administration tool, they must open the administration tool via PDM Vault View.
Requirements to open Administration tool with Smart Card Authentication
- Active Directory use is necessary, therefore, SOLIDWORKS PDM Professional is needed.
- Since Smart Cards are for Active Directory accounts, this does not work when mixing with “native” PDM Clients nor using PDM Standard Vaults.
- The setting spoken above ins #5 is only for the PDM Vault View and not for auto-login to the Administration tool.
- Server default is to have windows logins and automatic logins
- Client settings are set to server default
- PDM User profile is an Active Directory profile.
Related PDM tutorials
How to Merge Groups in SOLIDWORKS PDM
Using Conditional Notifications in SOLIDWORKS PDM
Search Cache While Working Offline in SOLIDWORKS PDM
Feature Feud: SOLIDWORKS PDM Rollback vs. Checking in a Previous Version