Windows Authentication

Create Identity Provider Record

This section covers everything you need to set up your instance of MinistryPlatform so your members can log in through Windows.

Note: When you configure this external login, your users can log in to their MinistryPlatform account, but they can't create a new account using this external login.
  1. In the navigation menu, click Administration > Identity Providers.
  2. Click New Identity Provider.
  3. Enter the display name as Windows.
  4. For Provider Type, select WS - Passive Federation.
  5. Enter Not Used as the Client ID.
    Note: This field is required.
  6. Enter your base URL and add /iwa/ as the Metadata Address.
  7. Click Save.
  8. Copy the newly generated Identity Provider Unique ID. You'll use this in a later step.
    Note: You must replace all lowercase characters with uppercase letters.

External Login Callback URL

To create this Callback URL, take the GUID from the Identity Provider and add it to the base Callback URL.

You must replace the [IdentityProviderUniqueID] with the ALL UPPERCASE GUID from your Identity Provider record. You must replace [Domain] with your church's base URL. For example, https://my.churchname.net.

https://[Domain]/ministryplatformapi/oauth/callback/[IdentityProviderUniqueID]

You will use this in Identity Provider Settings.

Identity Provider Settings

You'll need to copy and update a chunk of JSON code in the settings, incorporating the External Login Callback URL.

  1. Copy the code block, and paste it into Settings.
    { "RedirectUri": "https://[Domain]/ministryplatformapi/oauth/callback/[IdentityProviderUniqueID]", "Wtrealm":"urn:WindowsAuthenticationService" }
  2. Replace the URL with the External Login Callback URL you previously created.

Add IWA Application

  1. Launch the IIS Manager.
  2. Expand the Server node.
  3. Expand the Site node.
  4. For the IWA application, either:
    • Locate the IWA application, or
    • Right-click the MinistryPlatform site, click Add Application, and enter "iwa" as the application's alias. Then browse to select the physical path found under W:\Sites\[MinistryPlatformSite]\IWA.
  5. Select the IWA application.
  6. Open the Authentication feature from its icon, and enable only Anonymous Authentication and Windows Authentication.

You may need to restart the application pool so your Users can configure new Identity Providers. If Setup Admin is set to Yes on your User record, you can click Restart Auth App on your User Profile to make the external authentication option available.

For more about enabling Windows Authentication for a Web Application, see Microsoft's article on Windows Authentication.
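
To confirm step 6 took effect, the following added example (not part of the MinistryPlatform documentation) reads the IIS authentication settings for the iwa application and flags any method that differs from "only Anonymous and Windows enabled". The site name is a placeholder you must replace, and the script assumes the WebAdministration module and an elevated PowerShell session on the IIS server.

```powershell
# Added example: audit the authentication methods enabled on the IWA application.
Import-Module WebAdministration

# Assumption: replace with your MinistryPlatform site name as shown in IIS Manager.
$SiteName = '<YourMinistryPlatformSiteName>'
$Location = "$SiteName/iwa"   # "iwa" is the application alias from step 4

# Configuration documented above: only Anonymous and Windows Authentication enabled.
$Expected = [ordered]@{
    anonymousAuthentication                   = $true
    windowsAuthentication                     = $true
    basicAuthentication                       = $false
    digestAuthentication                      = $false
    clientCertificateMappingAuthentication    = $false
    iisClientCertificateMappingAuthentication = $false
}

$results = foreach ($method in $Expected.Keys) {
    $filter = "system.webServer/security/authentication/$method"
    $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $Location -Filter $filter -Name 'enabled' `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    # If the query returns nothing (for example, the role service for that
    # method is not installed), treat the method as disabled.
    $actual = if ($null -ne $prop) { [bool]$prop.Value } else { $false }

    [pscustomobject]@{
        Method   = $method
        Expected = $Expected[$method]
        Actual   = $actual
        Ok       = ($actual -eq $Expected[$method])
    }
}

$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    Write-Warning "Authentication on '$Location' differs from the documented configuration."
}
```

Run it again after any change in IIS Manager; a row with Ok = False names the method to correct.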

Test in the Platform

Once complete, a button for Windows Authentication displays on your login page. Before testing, configure the social login for your User in the User Account dialog.

To remove a previously configured Identity Provider, delete the Identity Provider record.

Note: The system will refresh overnight to remove the button from your login page. You can also manually refresh the IIS Application Pool.