Setup: Using Windows Authentication instead of SQL Server Authentication

You can use Windows Authentication instead of SQL Server Authentication for the WorkflowGen back-end database and other external databases (e.g. usage of another application pool user; no password in any file).

To configure Windows Authentication, use one of the following connection strings in the WorkflowGen web.config file, located in the DRIVE:\Inetpub\wwwroot\wfgen folder:

  • Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;


  • Server=myServerAddress;Database=myDataBase;Trusted_Connection=True;

You’ll also need to modify the WorkflowGen application pool identity for a service account. To do this:

  1. In IIS Manager, right-click on the WorkflowGen application pool, then select Advanced Settings.

  2. In the Process Model section, select Identity, then click the ... button.

  3. Select Custom Account, then click Set…

  4. Enter your credentials, then click OK.

  5. Make sure the application pools for the other WorkflowGen web applications (auth, graphql, hooks, scim, ws, and webforms) match the wfgen application pool.

  6. Make sure the custom account has read/write and modify permissions for the WorkflowGen SQL database and the WorkflowGen files and folders.

  7. Use the same account as the application identity to run the WorkflowGen engine and directory synchronization services.

For more information on SQL Server connection strings, see