You have installed RM Unify AD Sync and have enabled device single sign-on for your establishment. You now need to make some changes to your Windows® Internet Explorer® settings in order for your domain-joined Windows devices to work with device single sign-on. These settings will apply to Internet Explorer and Edge browsers.

• You must have installed RM Unify AD Sync as per DWN3182456 in the Other Useful Articles section below.
• You must have ticked the box to 'Enable single sign-on for domain-joined Windows devices' within the RM Unify Management Console.

1. Log on to a CC4 computer as systemadmin and open the RM Management Console (RMMC).
2. Download the RMUnifyDSSO.txt file from the Download section below and save to a temporary location.
3. Rename the file from RMUnifyDSSO.txt to RMUnifyDSSO.reg.
4. In the RMMC, expand Registry Policies, User Policies, Global and click on the 'Internet & Email Settings' registry policy.
5. Click Custom Settings under 'Internet & Email Settings'.
6. Click Add, Browse, then locate the RMUnifyDSSO.reg file and click Open.
   Note: Please ensure that the filename of RMUnifyDSSO.reg is unique within Custom Settings.
7. Give a meaningful Name and Description and click OK, then click Save in the RMMC.
8. Log off the computer and log back in for the settings to apply.

If you have issues with Option 1, i.e. some users do not have a successful single sign-on experience on a Windows domain-joined machine, then proceed with Option 2 (given below) as an alternative.

1. On a domain controller, run gpmc.msc to open Group Policy Management Console.
2. Expand Group Policy Objects.
3. Right-click All Users and select Edit.
4. Under User Configuration, expand Policies, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Security Page.
5. In the right-hand pane, double-click 'Site to Zone Assignment List'.
6. Ensure the Enabled radio button is selected and then under Options, select Show.
7. Under 'Value name', type https://*.rmunify.com.
8. Under Value, type 1.
9. Click the empty 'Value name' column below, type https://*.google.com.
10. Click the empty Value column, type 1.
11. Repeat steps 9 and 10 for the following URLs:
    https://*.microsoftonline.com
    https://*.live.com
    https://*.office.com
    https://*.sharepoint.com
    https://*.office365.com
12. Click OK, OK.
13. In the left-hand pane, under Security Page, click Intranet Zone.
14. In the right-hand pane, double-click 'Logon options'.
15. Ensure the Enabled radio button is selected and then under Options, select 'Automatic logon with current username and password' from the drop-down list.
16. Click OK.
17. Remaining in the right-hand pane, double-click 'Web sites in less privileged Web content zones can navigate into this zone'.
18. Ensure the Enabled radio button is selected and then under Options, select Enable from the drop-down list.
19. Click OK.
20. In the left-hand pane, navigate back to User Configuration, Policies, Administrative Templates, Windows Components, Internet Explorer, Compatibility View.
21. In the right-hand pane, double-click 'Turn on Internet Explorer Standards Mode for local intranet'.
22. Click Enabled.
23. Click OK.
24. Close Group Policy Management Editor.
25. Close Group Policy Management Console.

Log on to a computer, open Internet Explorer or Edge and browse to the SSO URL for your establishment's RM Unify site, e.g. https://<your_site>.rmunify.com/sso. You should be automatically logged in to your RM Unify account.

The RMUnifyDSSO download file in option 1 makes the following Internet Explorer settings changes:

• The 'Local intranet' zone is configured to use 'Automatic logon with current user name and password' for User Authentication.
• The 'Local intranet' zone setting 'Websites in less privileged web content zone can be navigated into this zone' is set to Enable.
• https://*.rmunify.com and other specified URLs are added to the 'Local intranet' zone in Internet Explorer.
• 'Display intranet sites in Compatibility View' is unticked.