On the Login Tabbed page, you can restrict the login, once under Allowed web login methods and once under Allowed client login methods.
![Tabbed page "Login [Login]"](https://webapi.partcommunity.com/service/help/latest/pages/jp/partsolutions_user/doc/resources/img/img_cfb71702f4784e909b3def8762373b4b.png)
Enter a domain (e.g. "CNS") or a host name (e.g. DE-AGB-NAME-01) in the Rule column.
Click in a field in the Databases column, open the list field with the options WINDOWS, ERP, OPENIDC, SQL,FILE andLDAP and activate the desired ones.
The options listed here are configured under the Rights management [Rights administration] category.
Service runs as a local system and does not require access to network shares (requires access to network shares via UNC path)
Standard configuration from Microsoft for Windows authentication (Kerberos) works. Only the computer name must be added to the Local Intranet Zone in the browser settings of the clients.
Service requires access to external network shares. It must then run as a service user and the SPN entry (Service Principal Name) must be set correctly in the AD. And the computer name must be included in the Local Intranet Zone in the browser settings of the clients.
setspn -S HTTP/servername.domain.name DOMAIN\serviceuser