Understanding Windows Authentication

Windows Integrated Authentication for PrismCore



There are two options for database authentication.
The standard method is SQL Authentication: each time a user is created in PrismCore, a new user is created in SQL Server automatically. This SQL user is set with the appropriate permissions and is granted access to the PrismCore databases. The ability to do this requires that PrismCore super users (those able to create new users) are configured with security administrator rights within SQL. In this mode, ODBC connections are configured to use SQL Server authentication. When a user logs into PrismCore, a database connection is made using that SQL username. The PrismCore username and SQL username are always the same in this model.


The second method is Windows Integrated Authentication: creating a user in PrismCore does not automatically create a user in SQL Server. Users are granted access to SQL based on their Windows login credentials (see information in the next paragraph). When logging in to PrismCore, the PrismCore login name does not need to match the Windows login name. For consistency, it is recommended to use the same name, but it is not a requirement. Instructions for creating a PrismCore user are still the same. The only difference is that a SQL account is not created at the same time. Additionally, with this model, ODBC connections are configured to use Windows authentication rather than SQL Server authentication.

As mentioned above, with Windows Integrated Authentication users are granted access to SQL based on their Windows logins. There are multiple ways to do this. One option is to open SQL Server Management Studio, add the Windows user individually, and assign that user the appropriate rights. This would have to be done for each Windows user that needs access to PrismCore. Another solution is to create an operating system security group (local security or Active Directory) and include PrismCore users in that group. Within SQL Administrator, the appropriate rights are assigned once, to the group. Adding a user to the security group grants access to the SQL resources needed for PrismCore, and removing the user from the group revokes it.
As an example, the following instructions would be used to set up a new employee to access PrismCore using Windows Integrated Authentication. These instructions assume that a store has not set up an operating system group for PrismCore users, and that each user is granted access individually:
1. Create the Windows User:
a. Either within Active Directory, or on a local computer through Local Users, add a new user.
2. Add SQL Login:
a. Within SQL Management Studio, navigate to Security/Logins and add a new user. The login name will match the Windows user (e.g. wpserver\jsmith) and the login should be configured for Windows authentication.
3. Grant Database Access:
a. Also in the SQL Management Studio, edit the properties of the user login and select "User Mapping". Grant the user the "public" role in the prism, prism_security, prism_trn, and prism1 databases.
4. Add PrismCore User:
a. Within WPAdmin, navigate to Inventory Control/Security/User Security and create a user and assign PrismCore groups. (While not required, NBC suggests using the same username in PrismCore as was used at the operating system level.)
Now, had an operating system group been configured previously for access to the PrismCore databases, the new user could be added to that group during step one and steps two and three could have been skipped.
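
Steps two and three can also be run as a script instead of through the Management Studio dialogs. The T-SQL below is an added example, not a script supplied with PrismCore; it uses the sample login wpserver\jsmith and the four database names from the steps above, and assumes it is run by a login allowed to create logins and database users.

```sql
-- Added example, not a PrismCore script. Safe to re-run: existing logins
-- and users are left as they are.
-- wpserver\jsmith is the sample name from step 2. To grant access to an
-- operating system group instead, set @login to the group's name.
DECLARE @login sysname = N'wpserver\jsmith';
DECLARE @db sysname, @stmt nvarchar(max);

-- Step 2: add the SQL login, configured for Windows authentication.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @login)
BEGIN
    SET @stmt = N'CREATE LOGIN ' + QUOTENAME(@login) + N' FROM WINDOWS;';
    EXEC sys.sp_executesql @stmt;
END;

-- Step 3: map the login to a user in each PrismCore database. Every database
-- user is a member of the "public" role, so the mapping itself is the grant.
-- Each pass also returns one row to confirm the mapping; type_desc should be
-- WINDOWS_USER (WINDOWS_GROUP for a group).
DECLARE prism_dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM (VALUES (N'prism'), (N'prism_security'),
                             (N'prism_trn'), (N'prism1')) AS d(name);
OPEN prism_dbs;
FETCH NEXT FROM prism_dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @stmt = N'USE ' + QUOTENAME(@db) + N';
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals
                       WHERE name = ' + QUOTENAME(@login, '''') + N')
            CREATE USER ' + QUOTENAME(@login) +
              N' FOR LOGIN ' + QUOTENAME(@login) + N';
        SELECT DB_NAME() AS database_name, name, type_desc
        FROM sys.database_principals
        WHERE name = ' + QUOTENAME(@login, '''') + N';';
    EXEC sys.sp_executesql @stmt;
    FETCH NEXT FROM prism_dbs INTO @db;
END;
CLOSE prism_dbs;
DEALLOCATE prism_dbs;

-- Check the server login: type_desc should be WINDOWS_LOGIN
-- (WINDOWS_GROUP for a group) and is_disabled should be 0.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE name = @login;
```

A type_desc of SQL_LOGIN or SQL_USER in the results means an account with that name was created under SQL Authentication rather than Windows authentication.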