Configuring DSS Web.config for Run-Time Authentication (RTA)
Run-Time Authentication (RTA) is installed by default and configured for Active Directory (AD) or LDAP authentication. To use these features, first configure RTA according to the following steps.
To configure DSS Web.config:
- Navigate to your DSS root directory (e.g., [Drive]:[path-to-DSS-root-folder]).
- Open Web.config in a text editor.
- Find the <runtimeAuthSettings> element, and set the @enabled attribute to true. This enables the default AD plug-in.
- Verify that the <runtimeAuthSettings> element within your Web.config is comparable to the following:

      <!-- RuntimeAuth Settings -->
      <runtimeAuthSettings enabled="false"
          allowMediaStreamingInProtectedFolders="false"
          allowedRequestIPs=""
          auth_backgroundAuthentication="false"
          auth_failureMessage="Authentication Failed. Invalid User Name or Password."
          auth_passwordFieldName="pass"
          auth_userFieldName="user"
          authenticationPageList="x191.xml"
          binaryDownloadPage=""
          forbiddenFolders="settings"
          forbiddenFoldersResponsePage="x13.xml"
          homePage="x11.xml"
          loginHandlerPageMockup="login"
          loginPagePath="x192.xml"
          logoutHandlerPageMockup="logout"
          protectedBinaryFolders="documents/secured"
          redirectionQueryStringName="redir">
        <plugins>
          <add name="ADAuthPlugin.dll"/>
        </plugins>
      </runtimeAuthSettings>

  Note: Both AD and LDAP rely on the ADAuthPlugin.dll.
- Optional: You can configure the following attributes in the <runtimeAuthSettings> element:

  | Attribute | Description |
  | --- | --- |
  | @enabled | Must be set to true. Determines if RTA is turned on. |
  | @allowMediaStreamingInProtectedFolders | If set to true, enables the publishing of streaming media resources in protected folders. |
  | @allowedRequestIPs | The list of IP addresses allowed to request session data from the CMS. Use this when securely integrating third-party applications with RTA. |
  | @auth_backgroundAuthentication | If set to true, enables background authentication and causes RTA to validate session details against external SSO (single sign-on) locations. |
  | @auth_failureMessage | The error message displayed to users whose credentials cannot be authenticated. |
  | @auth_passwordFieldName | Configuration for the login form field name. If unspecified, uses the default password value. |
  | @auth_userFieldName | Configuration for the username form field name. If unspecified, uses the default username value. |
  | @binaryDownloadPage | The xID or URL that specifies the page to which users should be redirected when requesting to download a protected media item. |
  | @forbiddenFolders | The website folders to which access is always forbidden, regardless of the user's authentication status. Typically includes the settings and StyleSheets directories. |
  | @forbiddenFoldersResponsePage | The xID or URL of the pages to which users are directed when their credentials cannot be authenticated. |
  | @homePage | The xID of the home page. |
  | @loginHandlerPageMockup | The URL for logging in users. If unspecified, uses the default login.ashx value. |
  | @authenticationPageList | The xID that contains the list of pages that require authentication. |
  | @loginPagePath | The xID.xml of the login page that displays when users attempt to access protected pages. |
  | @logoutHandlerPageMockup | The URL for logging out users. If unspecified, uses the default logout.ashx value. |
  | @protectedBinaryFolders | The list of website folders that require authentication for access. Defined folders have their contents protected. Typically, use this to authenticate access to asset folders. |
  | @redirectionQueryStringName | The name of the redirection query string. |

- Save and close Web.config.
Next Steps: Set up page types for RTA.