Configuring a front-end authentication method
Microsoft® Active Directory® authentication
Configuring smart card authentication
LDAP authentication
Microsoft® Active Directory® LDS
389 Directory Service
Novell® eDirectory™
Windows Azure™ Active Directory® authentication
SAML federated
WS-Federated
Social authenticators
Integration with password management applications
Primary credentials
Configuring user front-end authentication method selection
Adding a web application
Integrated Windows Authentication
Form fill authentication
Proxy-less form fill authentication
SAML federation
Configuring advanced SAML token settings
Configuring advanced WS-Federation token settings
OpenID Connect/OAuth 2.0
Manual user provisioning
HTTP basic authentication
HTTP header value
No back-end SSO
Exporting an application configuration template
Forwarding claims to federated applications
Adding HTTP headers to proxy applications
Configuring step-up authentication
Configuring front-end authenticators
Configuring each application
Configuring for external users
Configuring Defender as a Service with Cloud Access Manager
Using Dell's Security Analytics Engine
Enabling Dell's Security Analytics Engine
Configuring Cloud Access Manager to use Dell's Security Analytics Engine for access control
Managing your SSL certificate
Obtaining a signed certificate
Replacing an expiring certificate
Installing a fully signed certificate from a certificate archive file
Installing a certificate authority certificate
Changing the Cloud Access Manager service account password
Cloud Access Manager IIS Application Pool
Dell Redistributable Secure Token Server
Front-end authenticators
Reporting
Customizing Dell™ One Identity Cloud Access Manager
Forwarding claims to federated applications
|
1 |
next to the application you want to send claims to.|
3 |
In the navigation bar, click Claim Mapping. |
|
4 |
in the top right hand corner of the claim list pane.|
5 |
Complete the Name of the claim to send to the application. For OpenID Connect/OAuth 2.0 applications, you can select from a preset list of standard claims. |
|
6 |
Rule Processing Mode: Mapping rules can be applied to users who have a certain role. You can use the Rules Processing Mode setting to determine whether only the first rule matching the user(s) should apply, or whether all rules should apply. |
|
• |
Use first rule matched - return the result of the first rule where the user is a member of the role set on the rule. |
|
• |
Use all rules matched - return the results of all rules where the user is a member of the role set on the rule. |
|
7 |
In the Claim Rule box: |
|
b |
Choose the Claim mapping mode: |
|
• |
If you want the claim to be derived from a claim from an identity provider, choose Map claim to user attribute. |
|
• |
If you want Cloud Access Manager to set the claim to a constant value, choose Map claim to static value. |
|
8 |
If you have chosen Map claim to static value, enter that value in the box provided. If you have chosen Map claim to user attribute, choose the attribute holding the information you want to send as a claim from the dropdown. To add more attributes to the list displayed in the dropdown, click Manage User Attributes.  |
|
9 |
If the same claim can be derived from different attributes depending on the user's role, you can add another Claim Rule by clicking the Add New Claim Rule button. If you have defined multiple Claim Rules you can order them by dragging and dropping the rules into the correct position, so that the correct rule is processed for users in a given role. |
|
11 |
You can send the names of the user's Cloud Access Manager roles to the application as claims. To do this, select the Send Cloud Access Manager role claim box at the bottom of the claim list panel. |
|
NOTE: If you select Group Memberships for a claim rule and you are using Active Directory the user's Primary Group is not returned. In default installations, the user's Primary Group is Domain Users. The Primary Group is not returned because the claim rule returns the values in the memberOf attribute and the Primary Group is determined using the primaryGroupID attribute. |
Adding HTTP headers to proxy applications
Headers are pieces of information about a user, which the application can use to tailor its interface or to make authorization decisions. The mechanism for configuring additional HTTP headers uses the same process of building information from claim rules that is used in claim mapping. For detailed instructions on how the mapping interface works please refer to Forwarding claims to federated applications, where you see Claim Mapping replace this with Header Mapping.
|
1 |
|
3 |
In the navigation bar, click Header Mapping. |
|
4 |
Follow the instructions in Forwarding claims to federated applications, where you see Claim Mapping replace this with Header Mapping. |
Configuring step-up authentication
When you configure an Active Directory® or Lightweight Directory Access Protocol (LDAP) front-end authenticator you can also configure two-factor authentication. Configuring a front-end authentication method describes how to configure two-factor authentication for all users, for all applications.
Configuring front-end authenticators
If your users are authenticating using one of the Directory Authenticators (Active Directory or one of the LDAP type authenticators), you can configure Cloud Access Manager to use a second factor of authentication in addition to a password. The secondary authentication methods available are: