The following example shows how Kerberos Delegation can be used in a business case scenario where user privacy and enhanced security measures are required. This example is for illustrative purposes only and may not reflect your company’s unique configurations.
Apply Kerberos Delegation to a Network Share Folder Workflow Rule Example
The Administrator at Pharmaceutical Company K creates a Network Share Folder workflow that requires Kerberos Delegation for Clinical Trial documents scanned by Research professionals. Before applying Kerberos Delegation to the workflow, the Administrator configures Windows for Kerberos Delegation.
Note: Not all steps are highlighted in this example.
Active Directory for Users and Computers and Delegation Properties
The Administrator specifies the following Kerberos Delegation settings for the Service Account user and computers by using Windows Administrative Tools > Active Directory for Users and Computers.
See the Active Directory for Users and Computer Delegation properties selected below.
Note: See Configuring Windows for Kerberos Delegation for more information.
Workflow Rule and System UseKerberosDelegation Job Property
The Administrator applies Kerberos Delegation to a network share folder workflow rule by using the System job property UseKerberosDelegation and setting it to a value of 1.
See the Rule Properties > Actions > Job Properties dialog boxes below.
See Applying Kerberos Delegation to a Network Share Folder Workflow for more information.
Impersonation of the Authenticated User at the Device
The Research professional signs in at the device. The server captures the username during authentication at the device, impersonates the user, and delivers jobs to the network share folders as the authenticated user.
See also
Configuring Windows for Kerberos Delegation
Applying Kerberos Delegation to a Network Share Folder Workflow