Hi all,
We recently moved our on-premise DB repository where Windows authentication was activated to a cloud-based repository using PCS for Sparx EA access. We keep the Windows authentication settings but add an OpenID option using our Azure AD (now Entra ID) IdP synchronized with our on-premises AD.
I'm not an expert in Windows domain security therefore I'm not sure I'm using the correct wording.
Connecting from within on-premise, the Windows authentication is "propagated" to PCS and authentication succeeds as usual using the AD group mapping defined.
However, if we try to connect from home (without any VPN), windows authentication fails and Sparx EA proposes an OpenID authentication (which succeeds).
Not being familiar with the Windows ID propagation, is it the expected behavior? Does Sparx EA try to negotiate with the on-premise AD and fail? If yes, this means then that OpenID is the only authentication method available remotely. This is not a problem but our users might be surprised by this behaviour.
Thanks for your clarification.