Author Topic: SparxEA SQLServer Repository MFA Authentication - ActiveDirectoryInteractive (Read 3173 times)

dwreynoldsjr · « **on:** July 25, 2025, 08:26:51 am »

Has anyone been able to create a connection string using:

Authentication=ActiveDirectoryInteractive;

Our company has turned Multi-factor Authentication using Microsoft Authenticator on for everything. Now we can get SparxEA to connect to the repository.

We were previously, successfully, using:

Authentication=ActiveDirectoryIntegrated

Geert Bellekens · « **Reply #1 on:** August 11, 2025, 11:57:10 pm »

No, couldn't make it work, so I switched to using a database user, and encrypting the shortcut file (or use PCS)

Geert

Modesto Vega · « **Reply #2 on:** August 12, 2025, 02:55:26 am »

Quote from: dwreynoldsjr on July 25, 2025, 08:26:51 am

Has anyone been able to create a connection string using:

Authentication=ActiveDirectoryInteractive;

Our company has turned Multi-factor Authentication using Microsoft Authenticator on for everything. Now we can get SparxEA to connect to the repository.

We were previously, successfully, using:

Authentication=ActiveDirectoryIntegrated

Are you saying that your company has setup MFA even when connecting to databases to create, read, delete or update data?

Quote from: Geert Bellekens on August 11, 2025, 11:57:10 pm

No, couldn't make it work, so I switched to using a database user, and encrypting the shortcut file (or use PCS)

Geert

Is PCS supposed to work with MFA? I posted the same question in the PCS forum with little success.

Geert Bellekens · « **Reply #3 on:** August 12, 2025, 02:01:14 pm »

Quote from: Modesto Vega on August 12, 2025, 02:55:26 am

Quote from: Geert Bellekens on August 11, 2025, 11:57:10 pm
No, couldn't make it work, so I switched to using a database user, and encrypting the shortcut file (or use PCS)

Geert
Is PCS supposed to work with MFA? I posted the same question in the PCS forum with little success.

I mean that PCS uses a database user to connect to the database. Users connect to PCS using windows authentication.

Geert

Modesto Vega · « **Reply #4 on:** August 12, 2025, 04:50:58 pm »

Quote from: Geert Bellekens on August 12, 2025, 02:01:14 pm

Quote from: Modesto Vega on August 12, 2025, 02:55:26 am

Quote from: Geert Bellekens on August 11, 2025, 11:57:10 pm
No, couldn't make it work, so I switched to using a database user, and encrypting the shortcut file (or use PCS)

Geert
Is PCS supposed to work with MFA? I posted the same question in the PCS forum with little success.

I mean that PCS uses a database user to connect to the database. Users connect to PCS using windows authentication.

Geert

This exactly what I thought you meant. But can the connection to PCS be configured to support MFA when user connects to PCS using Windows authentication? What about WebEA?

Geert Bellekens · « **Reply #5 on:** August 12, 2025, 05:24:30 pm »

Quote from: Modesto Vega on August 12, 2025, 04:50:58 pm

This exactly what I thought you meant. But can the connection to PCS be configured to support MFA when user connects to PCS using Windows authentication? What about WebEA?

I don't know. Our users are already logged in into windows with the correct credentials, so PCS doesn't need to log them in (or use MFA)
WebEA is a different case althogether.

Geert

Modesto Vega · « **Reply #6 on:** August 20, 2025, 06:08:26 pm »

Quote from: Geert Bellekens on August 12, 2025, 05:24:30 pm

I don't know. Our users are already logged in into windows with the correct credentials, so PCS doesn't need to log them in (or use MFA)
WebEA is a different case althogether.

Geert

It is the same for our users with some very awkward authentication exceptions that have been reported to Sparx Systems.

WebEA is the main reason for the question.

Having said that, since Microsoft implemented MFA for using desktop apps, even when logged in using the right credentials, I have noticed a dilution of the boundaries between 1) using a Windows AD account to log into a laptop attached to a domain, 2) Sparx EA (plus PCS) using that account, 3) SSO, and 4) MFA; the boundary is at times so diluted that MFA is almost always required or, to use other words, those 4 things are conflated.

Sparx Systems Forum

News: