Configuring the Portal for Windows Authentication
The Enterprise Portal provides seamless support for Windows 2000 authentication. By configuring the Enterprise Portal as described below, authentication of the portal user is delegated to the operating system.
You can use the following Windows authentication methods:
Basic Authentication: The Windows 2000 Domain Controller can authenticate the portal user. This authentication mechanism is based on the Basic Authentication feature of the HTTP protocol. The portal user enters his or her existing Windows user name and password into the browser dialog box. The Windows Domain Controller then authenticates the user. This mechanism is typically deployed when the enterprise portal is accessible from the extranet. With this authentication method, the password is transmitted unencrypted, so you should ensure that all connections use SSL.

If you are using basic authentication, we strongly recommend that you set up the browser and portal Web server to communicate using Secure Sockets Layer (SSL). Otherwise users' credentials will be transmitted in clear text.
Integrated Windows authentication (previously known as NT Challenge/Response): If the Enterprise Portal is implemented as an intranet portal only, a previously successful logon to the Windows operating system can be reused for automatically logging the user on to the portal. This authentication mechanism is based on Windows security. The user is not required to reenter his or her Windows authentication credentials. For this to work, however, the client must use a Microsoft Internet Explorer browser and be within the same Windows domain as the Portal Server.

Integrated Windows Authentication cannot be used if the Enterprise Portal uses Macromedia JRun as a Java servlet engine. See also SAP Note 482535.
When the Enterprise Portal is configured for Windows 2000 authentication, the user logs on with the domain name in his or her user name, for example company_domain\myname. The portal will issue a logon ticket for the authenticated user company_domain\myname. However, if the user names in the corporate LDAP directory do not contain the domain name, you can configure the portal to remove the domain from the user name before issuing the logon ticket. This is described below.
Configure the Portal Server
1. Log on to the portal as administrator.
2. Start the user management configuration tool by choosing System Configuration → User Management Configuration.
3. Choose the Authentication Server tab.
4. Set User Authentication Type to NT.
5. If you want the portal to remove the domain from the user name before issuing the logon ticket, select Disregard domain in user name.
Configure the Microsoft Internet Information Server (IIS)
1. Start the Microsoft Internet Information Server (IIS) on the Portal Server.
2. Right-click on Default Web Site and choose Properties.
The properties of Default Web Site are displayed.
3. On the Directory Security tab, choose Edit under Anonymous access and authentication control.
The Authentication Methods dialog box is displayed.
4. Select either Basic Authentication or Integrated Windows authentication depending on which authentication method you require.
5. Repeat the above steps for the following directories in the IIS:
   - Scripts
   - SAPPortal
   - CommonTools
When a user logs on to the portal, his or her user credentials are authenticated against the Windows Domain Controller. The portal now issues a logon ticket for the authenticated user. If the indicator Disregard domain in user name is not selected, the portal will issue a logon ticket for the user company_domain\myname. If it is selected, the portal will issue a logon ticket for the user myname.
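The Basic Authentication warning and the Disregard domain in user name behaviour described above, as an added Python example that is not SAP's code: it shows that a Basic Authentication header is only Base64-encoded, so the user name and password are readable on any connection without SSL, and how the setting changes the name the logon ticket is issued for. The function names, the sample password and the domain-stripping logic are assumptions modelled on what this page describes.

```python
import base64


def parse_basic_authorization(header_value):
    """Return (user_name, password) from an HTTP Basic Authorization header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    # Base64 is an encoding, not encryption: no key is needed to reverse it.
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Only the first ':' separates the fields; the password may contain ':'.
    user_name, separator, password = decoded.partition(":")
    if not separator:
        raise ValueError("credentials lack the ':' separator")
    return user_name, password


def ticket_user_name(windows_user_name, disregard_domain):
    """Hypothetical model of the name the logon ticket is issued for."""
    _domain, separator, name = windows_user_name.partition("\\")
    if disregard_domain and separator:
        return name  # company_domain\myname -> myname
    return windows_user_name  # unchanged, domain prefix included


# Constructed sample: the header a browser would send for the page's example
# user company_domain\myname with the made-up password "Example:Pass1".
SAMPLE_HEADER = "Basic " + base64.b64encode(
    b"company_domain\\myname:Example:Pass1").decode("ascii")

if __name__ == "__main__":
    user, password = parse_basic_authorization(SAMPLE_HEADER)
    print("Recovered from the header:", user, password)
    for flag in (False, True):
        print("Disregard domain =", flag, "->", ticket_user_name(user, flag))
```

If the user names in the corporate LDAP directory carry no domain prefix, the second function shows the form the ticket name must take to match them.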