Workflow: Configure mixed mode authentication

If your RSA KMS is currently accessing SQL Server using a local user account and SQL Server authentication, you can change to a domain user account with mixed mode authentication. In SQL Server, when mixed mode is enabled, both Windows Authentication and SQL Server Authentication is allowed.

Downtime

Since this procedure requires you to stop and then start the Apache Tomcat service on the RSA KMS, it should be performed during a maintenance period.

Before you begin 

The domain user account must already be set up.

Workflow

1. Add a domain login in SQL Server

   In order for a domain user to connect to the SQL Server database, you must create a login in SQL Management Studio. Once the login is created, you must assign roles and access to the RKM database.

2. Set account privileges for the domain account in Windows

   You must assign a local security policy in Windows for the domain account. The log on as a service right allows the account to register a process as a service.

3. Change the Apache Tomcat account

   You must change the Apache Tomcat account and restart the Apache Tomcat service.

4. Change database credentials in the RSA KMS

   The RSA KMS stores an account and password that is used to access the database. You must change this account and password to the domain account and password.