This option is an LDAP authenticator with pre-configured attributes for use with Microsoft Active Directory Lightweight Directory Service, please see LDAP authentication, for configuration options.
This option is an LDAP authenticator with pre-configured attributes for use with 389 Directory Service, please see LDAP authentication, for configuration options.
This option is an LDAP authenticator with pre-configured attributes for use with Novell eDirectory, please see LDAP authentication, for configuration options.
This section describes how you can configure Cloud Access Manager to use Windows Azure Active Directory for authentication. Before you begin you need to configure an application for Cloud Access Manager so it can authenticate users and obtain lists of users and groups. In addition:
|
NOTE: A newly-created Azure Active Directory user account is assigned a temporary password. For the user to access Cloud Access Manager, they must first change their password so that it is no longer expired. Cloud Access Manager does not accept logons from users with expired passwords. |
To configure an Azure Active Directory application for use with Cloud Access Manager
To configure Azure Active Directory authentication
The settings on the Primary Authentication screen are split into three sections. When complete, click Next.
The first section is used to determine whether or not users are allowed to use social authenticators, for example Facebook or Google, and link to the selected authenticator when authenticating to Cloud Access Manager.
The second section determines whether users’ credentials are stored for accessing other applications. If selected, the credentials used to authenticate to Cloud Access Manager are stored as the Primary Credentials in the user’s Password Wallet. Please refer to Primary credentials for details.
The third section is used to determine how users are challenged for their Windows credentials, you must choose at least one option. Cloud Access Manager checks for credentials presented in the following order of precedence:
Enable kerberos authentication — Cloud Access Manager will check for a Kerberos ticket generated during Windows domain login and supplied by the browser. If the Kerberos ticket is present and valid, then the user will be successfully logged in.
Successful Kerberos authentication requires correct configuration of the user's browser. Please refer to Microsoft Active Directory authentication for details. In addition some browsers do not support Kerberos authentication. Please refer to the One Identity Cloud Access Manager Installation Guide for browsers that support Integrated Windows Authentication.
|
NOTE: If you enable social authentication, storing credentials from the authenticator is required, this in turn requires that forms authentication is the only enabled authentication method. Storing credentials is required as Cloud Access Manager needs to verify if the linked account used for primary authentication is still valid, for example the account is not disabled, or the password has not expired when authenticating using a social authenticator. If a user attempts to authenticate with a social authenticator and the linked account is not valid, the user will be prompted to enter the correct credentials for the primary authenticator. |
|
NOTE: If you enable social authentication, we recommend that you set linked accounts to have a long password expiry, this allows seamless authentication using the social authenticator. |
If you require two factor authentication each time users authenticate to Cloud Access Manager, select Use two factor authentication for all applications from the Two factor authentication mode list. Select the method of authentication from the Type of two factor authentication list.
For information on how to configure the various authentication types or how to configure two factor authentication only for specific users or applications, refer to Configuring step-up authentication. When compete, click Next.
In the Authenticator Name field, enter the name that will be used to identify the authenticator within Cloud Access Manager, then click Finish.
|
NOTE: This name will be seen by Cloud Access Manager users during authentication if multiple authentication methods have been configured. |
You have now created the front-end authentication method. Click Edit Roles.
Before Cloud Access Manager administrators and users can log in to Cloud Access Manager using their Azure Active Directory credentials, you must tell Cloud Access Manager how to identify administrators and users based on their Azure Active Directory group membership. For example, the Domain Admins group for Cloud Access Manager administrators and the Domain Users group for regular Cloud Access Manager users.
Click +Add User.
Click Close to return to the Cloud Access Manager Administration Console. The configuration is now complete. Cloud Access Manager administrators and users can now log in to Cloud Access Manager using their Azure Active Directory credentials
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center