Simple Browser Settings for “Single Sign On”
This is a topic that I’m being asked about more and more frequently, so that’s a great reason to write a post! There are issues that crop up, multiple annoying authentication prompts, and even issues and errors with MS Office (and InfoPath) integration with SharePoint. The best part about this browser setting, is that it gets rid of your authentication prompts for SharePoint after the first login. First of all, I’ll show you the quick fix, and then I’ll let you know some of the issues that it solves.
This is really important for end users to know!
- First of all, what Internet Explorer (IE) security zone is your SharePoint site in? Go to your SharePoint site in IE.
- Open up the Internet Explorer Internet Options screen. Go to the Security tab:
- What zone is selected by default? Mine has Trusted Sites selected, so that’s how I know that’s the zone my site is in. I like to leave my internet zone with pretty high security settings, so for any SharePoint site I go to frequently, I usually add them to my Trusted Sites zone. If you’re on a corporate network, you may notice that your SharePoint site is already in the Local Intranet zone, which makes sense.
- For the zone that your SharePoint site is in, click the Custom Level button. (Again, I’m not recommending you do this for the Internet zone, but I’ll show you other options in a minute).
- After you click Custom Level, scroll all the way to the bottom. In the User Authentication section, select Automatic logon with current user name and password. Click OK.
- After you’ve done this, close and re-open your browser, then when you go to your SharePoint site, and when you log in at the authentication prompt, be sure to check the box to remember your credentials before clicking OK.
I use the trusted sites zone for SharePoint sites that I go to which aren’t necessarily on my intranet. To add sites to it, look at the screenshot at step 1 and click the Sites button there.
You don’t need to type the names of every single web app in the farm. You can simply use an asterisk. See in the example above, I put an asterisk there, and any site that has something.atrackspace.com will be covered. Notice that there are a couple of them in my list that I could have consolidated. So instead of my.contoso.com and rtm.contoso.com, I could just put *.contoso.com.
After you add your site to the list, click Close. Click OK on all screens. You also may want to go to the IE Compatibility View Settings screen, and add your SharePoint site there as well.
Why would you want to do all of this? Here are some issues that I’ve seen it fix:
- Dragging files into SharePoint libraries. If you’re not able to, this fixes it.
- This security prompt will go away. “Some files contain viruses that can be harmful to your computer. It is important to be certain that this file is from a trustworthy source.”
- You’ll stop being prompted for credentials every time you open an Office file or create a new one directly from SharePoint.
- Saving straight from Office programs to SharePoint. When you start a new file directly in an Office program, you can save it straight to a SharePoint library without having to go to the site in the browser. I’ve seen this not act properly when browser settings are not correct. When saving straight to SharePoint, it’s supposed to look like this. See, you can see the site branding at the top, and you can even navigate up a level, and navigate to another library, using the breadcrumb trail at the top.
This may look slightly different depending on your OS and/or version of MS Office.
- Gets rid of this error when trying to publish an InfoPath form to SharePoint. I’m trying to reproduce it, to get the exact text, but haven’t been able to. It’s not a very descriptive InfoPath publishing error.
I’ll update this post if I think of any other issues and errors that this fix solves. In general, it improves your Office integration with SharePoint, dramatically.
What about those of you who are server administrators, who would like to apply these IE settings globally, using Group Policy? You can do that! Lori Gowin and I are actually presenting a session next week at SPTechCon, about ways that the server admin can help improve user adoption, and this is one of the things we talk about.
Have fun! I’m interested to see the feedback on this one, and if you server admins have anything to throw in that I missed.