Directory Server Integration
Authentication Mechanisms
A user can sign in to Accops HySecure through either the Web Portal or a Desktop client. At sign-in, the user is authenticated by one of two main types of Authentication Mechanisms so that the appropriate resources can be accessed.
Type | Description |
---|---|
Basic Authentication | This is a relatively weaker authentication mechanism. Once users sign in with a User ID and password, they are authenticated against either a local database or an external server such as an AD Server, RADIUS server, ProID or SAML Identity provider. Typically, Low Security Users are authenticated with this mechanism. |
Certificate Authentication | This is a stronger authentication mechanism. Users sign in with Certificate and Password. Security officers and Administrators should usually be authenticated with this mechanism. |
Configure the AD/LDAP Authentication server
Specify Authentication Domain
- Log in to Management Console and go to Auth Management > Authentication Domain.
- Under the list of authentication domains, select DefaultDomain and click Modify.
- If you wish to log in as Native users (local users on the HySecure server) as well as Domain users, click Add another Authentication Server.
- Change your domain authentication servers to Priority 1 by using the drop-down menu.
- Click Submit.
Note
Deleting servers from this list does NOT remove the authentication servers from the system.
Add Domain Authentication Server
- Open the HySecure management console and go to Auth Management > Authentication Servers.
- Click Add to specify a new Authentication Server.
- Choose AD/LDAP to add a domain authentication server.
- Specify the information listed in the table below:
# | FIELD | TYPE | DESCRIPTION |
---|---|---|---|
1 | Server Name | String | Type an identifier of the External AD/LDAP Authentication Server in Server Name field. |
2 | IP Address / Host Name | IP or String | Type the IP address, host name, or FQDN of the AD/LDAP server, in the Host Name field. |
3 | Port | Number | The default LDAP port number is displayed in the Port field. Please note that you can change this port number as needed. |
4 | Admin Bind DN | id=value pair(s) | Type the admin bind DN in the Admin Bind DN field e.g. cn=vpnadmin,cn=Users,dc=prodemo,dc=local |
5 | Admin Password | String | Type your password in the Admin Password field. |
6 | Base DN | id=value pair | Type the base DN in the Base DN field e.g. dc=prodemo,dc=local |
7 | User Search Attribute | String | The user search attribute is given in this field, e.g. samAccountName |
8 | User Group Search Attribute | String | User Group search attribute for the server is displayed in this field, e.g. MemberOf |
Note
The User Group Search Attribute is used to obtain the User Groups from AD/LDAP server.
- Click Test Connection to verify the configuration. If the connection is established successfully, click Submit to save the configuration data.
- The message "AD/LDAP Configuration information updated successfully" will be displayed.
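The values in the table above can be sanity-checked before they are typed into the form. The following is an added example, not Accops code: the function names are hypothetical, the "bind DN under base DN" check is a typo heuristic rather than a product requirement, and the filter form `(<User Search Attribute>=<user ID>)` is an assumption about how a directory lookup by that attribute is built.

```python
import re

# Constructed sample: the example values from the field table.
SAMPLE = {
    "port": 389,  # standard LDAP port; 636 is LDAPS
    "admin_bind_dn": "cn=vpnadmin,cn=Users,dc=prodemo,dc=local",
    "base_dn": "dc=prodemo,dc=local",
    "user_search_attribute": "samAccountName",
}

def parse_dn(dn):
    """Split a DN into lower-cased (id, value) pairs; escaped commas are kept."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not an id=value pair: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return len(d) >= len(b) and d[-len(b):] == b

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def user_filter(search_attribute, user_id):
    """Filter a lookup by User Search Attribute would use (assumed form)."""
    return f"({search_attribute}={escape_filter_value(user_id)})"

def check_config(cfg):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for field in ("admin_bind_dn", "base_dn"):
        try:
            parse_dn(cfg[field])
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
    if not problems and not is_under(cfg["admin_bind_dn"], cfg["base_dn"]):
        problems.append("admin_bind_dn is outside base_dn (check for a typo)")
    if not 1 <= cfg["port"] <= 65535:
        problems.append("port: out of range")
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", cfg["user_search_attribute"]):
        problems.append("user_search_attribute: not a valid attribute name")
    return problems
```

`check_config(SAMPLE)` returns an empty list for the table's example values, and `user_filter` shows why a user ID containing `*`, `(` or `)` must be escaped before it reaches the directory search.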