Single sign-on

Active Directory is set for end of life 2024-12-31 in favour of Azure AD.

If single sign-on is to be used, a Service Provider Name (SPN) for Lime CRM Server must be set in Active Directory.

To do this, run the following commands in a command prompt as a user with Domain Administrator privileges (from any computer inside the domain): 

setspn -s lime/<hostname> <domain>\<serviceaccount>
setspn -s lime/<fully qualified hostname> <domain>\<serviceaccount>
  • <hostname> is the name of the machine LIME Server is being installed to (for example “limesrv”)
  • <fully qualified hostname> is the same name but with domain suffix (for example “limesrv.yourdomain.local”)
  • <domain>\<serviceaccount> is the user account running the Lime CRM Web Server service.

If you use a DNS-name as your servername when you login, you must run setspn with the DNS-name as hostname (without the https://), e.g. lime.mydomain.com

You can check current settings using: 

setspn -l <domain>\<serviceaccount>
  • Last modified: 15 months ago
  • by Jonatan Folger Asu