thewealthworks Customer Support Portal

Enabling Single Sign-On

To use Windows Authentication login credentials to log straight into WealthWorks+,  you will first need to configure the Troika database with this information. Either from within Troika, Utilities, User Groups - Edit, or from within WealthWorks+, Options, System Administration, Users, amend each user login to have their correct Windows User details within it.

Enter the Windows User Name in Down-Level format. For example, DOMAIN\Username. This will enable Single Sign-on for the user. Within Troika, you can use the CTRL W shortcut to populate this information for you, using the credentials of the logged in user. If the Windows User is not entered, the user will need to login using their initials and password.

Once done, Internet Information Services (IIS) also needs to also be configured to allow this. You will require IT assistance to complete this.

Within IIS, navigate to the WealthWorks+ website and virtual directory. Select the Authentication settings option. Both the 'Anonymous Authentication' and 'Windows Authentication' should be Enabled, everything else should be Disabled. It is also advisable to check the web.config file located in the webserver default location of C:\inetpub\wwroot\WealthWorksPlus for the authentication mode setting. The entry should read:

<authentication mode="Windows">.  

If you have multiple sites and versions of WW+, ensure you are checking the correct web.config file. You can confirm the path to the web.config file from within IIS by selecting the virtual directory and clicking Basic Settings on the right hand side. They physical path is displayed and this is the location of the web.config file.

Recycle the application pool for the WealthWorksPlus application to complete the change.

This will enable Single Sign-on to be used. If required, please contact support for further assistance.

Disabling Single Sign-On

To disable SSO and prevent users logging straight into WealthWorks+, the above changes need to be reversed. Users will need to enter their user initials and passwords to access the system after SSO has been disabled.

Within IIS, navigate to the WealthWorks+ website. and virtual directory. Select the Authentication settings option. The 'Anonymous Authentication' should be enabled and 'Windows Authentication' should be Disabled, everything else should be Disabled. It is also advisable to check the web.config file located in the webserver default location of C:\inetpub\wwroot\WealthWorksPlus for the authentication mode setting. The entry should read:

<authentication mode="Forms">

If you have multiple sites and versions of WW+, ensure you are checking the correct web.config file. You can confirm the path to the web.config file from within IIS by selecting the virtual directory and clicking Basic Settings on the right hand side. They physical path is displayed and this is the location of the web.config file.

Recycle the application pool for the WealthWorksPlus application to complete the change.

If the Windows User Names are left populated for each user account, users can still access Troika with SSO but not WW+. Remove the Windows User Names from each account as described above to prevent SSO from Troika too.