# Configuring Windows Authentication for the Alemba API

If a Core Analyst login has Integrated Security enabled, Windows Authentication can also be enabled for Alemba API Clients where the Session Type or request scope is set to Analyst.

{% hint style="info" %}
**Self Service Portal** must be selected in the **Integrated Security** section of the Security Settings window.
{% endhint %}

To enable Windows Authentication, the corresponding setting must be enabled for the individual API client in Alemba Admin.

The **Alemba.Web** Web Application (in IIS) must also be configured to use Windows Authentication as follows:

1. In **Feature Delegation**, set **Authentication – Windows** to **Read/Write**.

{% hint style="info" %}
This is an application server level setting (accessed through the root node in IIS) and allows the Alemba Authorization Server to use passive Windows Authentication.
{% endhint %}

2\.  Enable Windows Authentication and Anonymous Authentication for the Alemba.Web application.