Authentication Options

Authentication Options

Discover appropriate authentication mechanism for your environment.

OLAP software Windows Integrated Authentication (Default)

Windows credentials of current user who opened the browser are automatically used to identify user in Kyubit application and same Windows account is used while accessing data sources. If Kyubit application and data sources are not on the same server, valid Kerberos authentication have to be configured. This authentication mode is already active after Kyubit setup.

 Easy usage with no login form
 Good security

 No logout button
 Cannot be used with external users


 How to configure

  • Open your IIS -> Sites -> KyubitAnalysis -> Authentication. Enable 'Windows Authentication' and 'ASP.NET Impersonation', while disable other authentication options.
  • Open your web.config file (C:\Program Files\Kyubit\BusinessIntelligence) and set "LoginForm" setting to "0".
    <add key="LoginForm" value="0" />

OLAP software Windows Login Form Authentication

User is prompted to enter his Windows credentials into login form, with option to be remembered by application (not having to supply credentials each time). It is recommended to use this authentication mode together with HTTPS protocol.

 At any time log-out and log-in with appropriate credentials.
 Convenient for external users access.
 Kerberos not required.

 External users still require Windows account.


 How to configure

  • Open your IIS -> Sites -> KyubitAnalysis -> Authentication. Enable 'Anonymous Authentication', while disable other authentication options. Right click on 'Anonymous Authentication' -> Edit -> Set 'Application Pool Identity'
  • Open your web.config file (C:\Program Files\Kyubit\BusinessIntelligence) and set "LoginForm" setting to "1".
    <add key="LoginForm" value="1" />

OLAP software Kyubit Users Authentication

With this authentication scenario, Users and Groups are created inside Kyubit application, by Kyubit administrator. Kyubit User is prompted to enter his Kyubit credentials into login form, with option to be remembered by application (not having to supply credentials each time). It is ideal authentication option, if preferred to avoid Windows account creation for end-users, for any reason. If BI content is served over internet to outside users that are not part of the domain, this is recommended approach. Recommended to be used with HTTPS.

Because certain data sources require Windows account to connect to data (SSAS, for example). Each Kyubit User could have optionally associated Windows account to be used while accessing data sources. If Windows account is not associated, Windows account of Kyubit Application Pool in IIS will be used to access such data sources.

 Ideal approach for access by external users, avoiding Windows account creation for each external user.
 Easy to manage users and groups by Kyubit administrator.
 Optionally associate Windows account to apply OLAP role based security.


 How to configure

  • First, while you are still working with Windows authentication, create initial Kyubit user and assign him administrative privilege. Administration -> Users -> Create User. Click on the user -> Set Admin Rights.
  • Open your IIS -> Sites -> KyubitAnalysis -> Authentication. Enable 'Anonymous Authentication', while disable other authentication options. Right click on 'Anonymous Authentication' -> Edit -> Set 'Application Pool Identity'
  • Open your web.config file (C:\Program Files\Kyubit\BusinessIntelligence) and set "LoginForm" setting to "2".
    <add key="LoginForm" value="2" />
  • Login with created Kyubit user.