NetMRI uses internal and external authentication systems to control user authentication for performing all administrative tasks. For a simple rollout, you can use the NetMRI local authentication database, which is called the local authentication service, where all user accounts and login information are contained within the appliance. You can also link NetMRI to an external Active Directory, RADIUS, TACACS+, LDAP, SAML, or OCSP authentication server or server group in the enterprise network to perform user authentication and authorization for NetMRI tasks, using the same user roles and privileges defined on the local NetMRI system. Doing so requires creating new authentication services in NetMRI.

...

| NetMRI SAML Attribute Key | SAML Attribute Value | Description | Example |
|---|---|---|---|
| uid | username | User name as specified in the IDP user record. | jdoe |
| urn:oid:1.2.840.113549.1.9.1 or mail | mail | This is the person’s Email ID in the IDP user record. | jdoe@example.com |
| urn:oid:2.5.4.42 or givenName | givenName | Given name (first name) as specified in the IDP user record. | john |
| urn:oid:2.5.4.4 or surname | surname | Surname (last name) as specified in the IDP user record. | doe |
| Group Attribute | Custom group attribute | User's relation to the organization or group. | memberOf, eduPersonAffiliation |
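
The following added example (not part of the NetMRI documentation) checks a decoded SAML assertion against the attribute names in the table above and reports which NetMRI keys the IdP did not release. It assumes the first column of the table is the Name that NetMRI looks for on each saml:Attribute; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names accepted for each NetMRI key, as listed in the table above.
EXPECTED = {
    "uid": {"uid"},
    "mail": {"urn:oid:1.2.840.113549.1.9.1", "mail"},
    "givenName": {"urn:oid:2.5.4.42", "givenName"},
    "surname": {"urn:oid:2.5.4.4", "surname"},
}

def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from every AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs

def check_assertion(assertion_xml, group_attribute="memberOf"):
    """Report NetMRI keys that are absent or empty, plus the group values sent.

    This inspects attribute names only. It does not verify the assertion's
    signature and cannot see inside an encrypted assertion.
    """
    attrs = read_attributes(assertion_xml)
    missing = sorted(key for key, names in EXPECTED.items()
                     if not any(attrs.get(n) for n in names))
    groups = attrs.get(group_attribute, [])
    if not groups:
        missing.append(group_attribute)
    return {"missing": missing, "groups": groups}

# Constructed sample: this IdP releases the surname as "sn", a name not in the table.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="givenName"><saml:AttributeValue>john</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn"><saml:AttributeValue>doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf"><saml:AttributeValue>netmri-admins</saml:AttributeValue><saml:AttributeValue>netmri-viewers</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Pass the value configured in IdP Group Attribute as `group_attribute` so the check matches the service definition.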


To configure a NetMRI SAML authentication service, complete the following:

  1. Go to the Settings icon > General Settings > Authentication Services.
  2. Click the New icon. The Add Authentication Service dialog box opens.
  3. Name: Enter the name of the SAML authentication service. This name will appear on the NetMRI login form. For example, Okta, Azure SSO, and so on.
  4. Description: Enter a textual description for the SAML authentication service.
  5. Priority and Timeout: These settings do not apply to the SAML authentication type.
  6. Service Type: Choose SAML.
  7. In the Service Specific Information section, specify the following:
    • Entity ID: Enter the unique identifier of the SP entity (i.e. NetMRI) for the IDP.
    • IdP Metadata Url: Enter the IDP metadata URL.
    • IdP Group Attribute: User's relation to the organization or group. For example, memberOf.
    • IdP CA Certificate: Choose the certificate file.
    • Key: Choose the private key file.
  8. Disable service: By default, this setting is turned on. When you turn it off, the configured service becomes available on the NetMRI login form.
  9. Disable authorization: By default, this setting is turned on until remote groups are specified.
  10. Click Save. You can now proceed to remote group mapping or close the window.

When you save a SAML service configuration, NetMRI generates an SP Metadata link based on the data that you provided. To access the link, close the Add Authentication Service window and, in the Actions menu for the configured SAML service, select Edit. Click the SP Metadata link to open an XML document with the NetMRI metadata in a new window. Use this metadata to configure the connection between your IDP and NetMRI.

...