Skip to main content


Configure web.config file

  1. On your Snow License Manager application server, open C:\Program Files\Snow Software\Snow License Manager\Web\web.config.

  2. Change these settings in the <appSettings> section:

    • <add key="UseWindowsAuthentication" value="true" /> 
    • <add key="LDAPUrl" value="[FQDN]" />
  3. To enable automatic creation of users while using Active Directory integration together with Federated Authentication or to enable Automatic deletion of obsolete users, optionally change these settings in the <appSettins> section:

    • <add key="ADServiceAccountName" value="[The name of the Active Directory service account]" /> 


      ADServiceAccountName is [domain]\[sAMAccountName] or User Principal Name (UPN).

    • <add key="ADServiceAccountPassword" value="[The password for the Active Directory service account]" /> 

For more information on how to correctly enable Windows Authentication in Snow License Manager, see Setting Up Windows Authentication. This is especially important when using the REST API of Snow License Manager, for example, together with Productivity Optimizer (formerly Automation Platform).

LDAPUrl is required to read the names of Active Directory groups. An LDAPUrl example value is This must be the relative Active Directory URL from where groups and users are read.


  • The LDAPUrl value enables a Snow License Manager application server that is not an Active Directory member to read Active Directory groups.

  • If single sign-on is already enabled in your environment, then <add key="UseWindowsAuthentication" value="true" /> is already entered in web.config. Do not change or remove it if you wish to retain single sign-on and Active Directory integration.

Create and add users to an Active Directory security group

  1. In Active Directory, create a security group with a unique name.

  2. Add users to the group.


  • Groups and users created in Active Directory are synchronized with Snow License Manager, not vice versa.

  • Active Directory groups with the following names are by default not included in the synchronization:

    • Administrators

    • License Administrators

    • Viewers

    • API Users

    See Enable or disable synchronization of Active Directory groups for more information.

Configure Snow Management and Configuration Center

All users in an Active Directory group are allowed to sign in to Snow License Manager. When a user signs in to Snow License Manager for the first time, a user account is created in Snow Management and Configuration Center.

Note that if the group is excluded from Active Directory synchronization, the above does not apply.

To allow what a user can see and do, configure Security > Role/AD group in Snow Management and Configuration Center.

In Snow Management and Configuration Center, define the Active Directory groups that will be used.

  1. Open and sign in to Snow Management and Configuration Center.

  2. If a Service Provider Edition of Snow License Manager is used, select the customer for which you want to define a group.

  3. Go to Security, and then select Roles/AD groups.

  4. Select New Role/AD group.

  5. In the Name box, enter the name of the Active Directory group that you want to use. The name must match the group name in Active Directory.

  6. In the Description box, enter a useful description that helps to remember what this group is for.

  7. In the Object Security tab, select all checkboxes that apply.

  8. In the Report Security tab, select all checkboxes that apply.

  9. Select OK.

Sign in to Snow License Manager

When Active Directory users and security groups are integrated with Snow License Manager to manage users and roles via Active Directory, users must sign in using [domain]\[sAMAccountName] or User Principal Name (UPN).

When a user signs in to Snow License Manager for the first time, their Snow License Manager user account is created in Security > Users in Snow Management and Configuration Center. They are also added to the Snow Management and Configuration Center roles that match their Active Directory group memberships. Their user name is [domain]\[sAMAccountName] or User Principal Name (UPN), and the other information is read from Active Directory.