SOLIDWORKS PDM and Windows Authentication Smart Cards

Article by Francisco Guzman on Sep 18, 2019

Many companies that require the use of Windows Authentication Smart Cards have asked whether SOLIDWORKS PDM can integrate with this authentication system. Although PDM is not currently designed to integrate with it, it is possible to authenticate to Windows with the Smart Card and then use PDM automatic logins to log into the vault. This guide provides the information necessary to implement this setup. Limitations of this method of authenticating to PDM are also discussed.

SOLIDWORKS PDM Configuration Requirements

  1.  Configure the archive server to use Windows Login. This allows Active Directory to sync profile names and passwords with PDM accounts. Set Automatic login to prevent prompts for passwords. Since the user is already authenticated to Windows using Smart Cards, they can simply open their PDM Vault View by double-clicking on the icon without a redundant prompt for a password.

    This dialog is found under: 

    Archive Server Machine > Start Menu > search Archive Server Configuration > Click on Default Settings gear > Default login type to set radio buttons below.

    To add the domain group that the PDM user belongs to, click the “Settings…” button.

    Note that if you are using vault-specific settings, you need to open the properties of your vault of interest - as opposed to “Default Settings.”

  2. Create a PDM user from a domain account.

    Open the Administration tool and select “New User”. Click on list users to list the profiles from the Active Directory group you configured in step 1. Proceed with the prompts for creating the user.

    If creating an administrator, provide the appropriate PDM administrator permissions. The most important one for a PDM admin is the permission to see the Administration tool. Without it, the user will be prompted for a password to log in to the Administration tool as a different user, one that does have permission to see the Administration tool but is not the Windows Smart Card authenticated user.

  3. Select “Server Default” under Settings in the Administration tool. This allows automatic login to the Vault View to function. Found in: Administration Tool > Settings.

  4. The client should now be able to authenticate into Windows using the Smart Card and then enter their vault view as their authenticated Windows user.
  5. Note that PDM Standard vaults cannot use Active Directory; this is an intended limitation. This means that for a PDM Standard user to log in to the vault view after authenticating to Windows through a Smart Card, the password for the “native” PDM account must be entered at least once by someone with authority, so that automatic login works thereafter. Depending on your security requirements, this may not be useful if you require full authentication through a Smart Card alone. In this scenario, you need a SOLIDWORKS PDM Professional vault, not a PDM Standard vault.

Opening the SOLIDWORKS PDM Administration tool 

Some organizations authenticate to Windows solely with Smart Cards and do not provide end users with passwords. For users in these organizations to access the PDM Administration tool, they must open it via the PDM Vault View.

Requirements to open Administration tool with Smart Card Authentication

  • Active Directory is required; therefore, SOLIDWORKS PDM Professional is needed.
    • Since Smart Cards are for Active Directory accounts, this does not work when mixing with “native” PDM clients or when using PDM Standard vaults.
    • The setting discussed above in #5 applies only to the PDM Vault View and not to auto-login to the Administration tool.
  • The server default is set to Windows logins and automatic logins.
  • Client settings are set to server default.
  • PDM User profile is an Active Directory profile.

About Francisco Guzman

Francisco Guzman is the PDM Technical Support Lead at GoEngineer, and is pursuing his degree in mechanical engineering at the University of Utah. In addition to providing guidance and support to SOLIDWORKS and SOLIDWORKS PDM customers, Francisco also provides support for DriveWorks design automation. He won the world-wide DriveWorks reseller CPD contest as the best DriveWorks AE for 2015. For fun, he designs, 3D-Prints, builds and races custom first-person-view (FPV) racing drone frames.