I guess so many people are happy with the windows authentication features that comes with MS Project Server and found it very easy to setup and to use. But did they know that there is another way of authenticating users, i am sure that they knew but they never think when and how to use it
First let me focus on facts about each and when each one is recommended to be used?
- It authenticates users against the AD that the Project Server is joint to. So, it can use only one AD. So if all of your users belong to one domain then this will be your right choice.
- Roles and groups (or any AD classification) are not used in EPM, remember that the post title is all about Authentication, not authorization. Authorization is run through the security model embedded with the Project server itself.
- Project Server users list and the AD users list are not linked or in synch. You need to schedule synch job from within Project Server itself, this means if a user became inactive then this will not be reflected in the Project Server. (needless to say that if the user became inactive or blocked in AD then he/she will not get authenticated to AD but he can be still used as a resource in Project Server)
- Conceptually, it is very similar to the AD authentication, except that Membership Provider will be used instead of AD
- More flexible to contain users regardless of the AD they belongs to and even if they don’t belong to.
- Difficult (or not straight forward to setup) to setup and maintain the users credentials.
- No synch tool is available out of the box except for the "PjFormsAuthUpgrade" tool that comes with Project server
I will be posting more articles about Forms authentication, be tuned