What is Interwoven Administrative "Impersonation" and how does it work?
To use "Trusted Login" authentication with the eCopy Connector for Interwoven, the administrator impersonation password is required within the eCopy ShareScan Administration console. This password allows any user who holds it, the ability to impersonate any other user. This can be configured within WorkSite server >> Service properties.
Users are added to the WorkSite server either by importing them from the domain user list or by adding them manually. Domain users must have the appropriate network type in their profile (Windows NT authentication is the current setting, through v 7.x and v 9.0) and a domain specified. These users would typically know only their network password for accessing the server.
Users entered manually are considered "virtual" users, require no domain container information, and use a database password to access the server. As long as a user has the right to access a database, they should be able to access a database using either their domain password or their database password - which is often a randomly generated string mapped by the WorkSite administrator when the user is imported.
In addition, when the administrative impersonation account is created on the WorkSite server, the server has to be rebooted in order for the impersonation password to take effect. When "testing" the connection, it is only testing the domain user / password, effectively not the administrative impersonation password. So, in the event that the WorkSite server was rebooted after creating the administrative impersonation account and the user is unable to authenticate to the domain, re-enter the administrative impersonation password.
Lastly, if the Interwoven system is in a clustered environment, all WorkSite servers must have the administrative impersonation password set to the same value. This is extremely important.