NetMRI uses internal and external authentication systems to control user authentication for performing all administrative tasks. For a simple rollout, you can use the NetMRI local authentication database, which is called the local authentication service, where all user accounts and login information are contained within the appliance. You can also link NetMRI to an external Active Directory, RADIUS, TACACS+, LDAP, SAML, or OCSP authentication server or server group in the enterprise network to perform user authentication and authorization for NetMRI tasks, using the same user roles and privileges defined on the local NetMRI system. Doing so requires creating new authentication services in NetMRI.
...
- Go to the Settings icon > General Settings > Authentication Services page.
- Click New to add a new authentication service. The Add Authentication Service dialog opens.
- Enter the Name and Description.
- Set the Priority and Timeout of the AD service. Higher Priority values give the service a lower priority for execution (a service with Priority "3" is tried after one with Priority "1"), so set the Priority to 1 if the AD service is planned to be the first of two or more authentication options.
- Choose Active Directory as the Service Type. The Service Specific Information pane updates to show the required AD settings.
- Enter the AD Domain value for the new AD service (example: engineering.corp100.comlocal).
- Click Save.
- If desired, click Disable service (this completely disables the service but does not change or delete any of its settings) or Disable authorization. Disabling authorization prevents the new service from performing any group searches but still allows basic authentication of user accounts against the Active Directory server; it requires that the user accounts be defined locally on the appliance.
...
NetMRI SAML Attribute Key | SAML Attribute Value | Description | Example |
---|---|---|---|
uid | username | User name as specified in the IDP user record. | jdoe |
urn:oid:1.2.840.113549.1.9.1 or mail | | The person's email address in the IDP user record. | jdoe@example.com |
urn:oid:2.5.4.42 or givenName | givenName | Given name (first name) as specified in the IDP user record. | john |
urn:oid:2.5.4.4 or surname | surname | Surname (last name) as specified in the IDP user record. | doe |
Group Attribute | Custom group attribute | User's relation to the organization or group. | memberOf, eduPersonAffiliation |
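The table above accepts each identity attribute under either its OID name or its friendly name, plus a custom group attribute. The following script, an added illustration that is not NetMRI code, shows how such an attribute mapping resolves against a SAML AttributeStatement; the assertion, the group names and the `group_attribute` default are constructed for the example.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names from the NetMRI SAML attribute table, in both the OID form
# and the friendly-name form, mapped to the account field each one populates.
ATTRIBUTE_MAP = {
    "uid": "username",
    "urn:oid:1.2.840.113549.1.9.1": "email",
    "mail": "email",
    "urn:oid:2.5.4.42": "given_name",
    "givenName": "given_name",
    "urn:oid:2.5.4.4": "surname",
    "surname": "surname",
}

def extract_user(assertion_xml: str, group_attribute: str = "memberOf") -> dict:
    """Return the table's account fields from a SAML AttributeStatement.

    group_attribute is the custom group attribute configured on the service
    (the 'Group Attribute' row); all of its values are collected as a list.
    Attributes that are not in the table are ignored.
    """
    root = ET.fromstring(assertion_xml)
    user = {"groups": []}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name")
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS) if v.text]
        if name == group_attribute:
            user["groups"].extend(values)
        elif name in ATTRIBUTE_MAP and values:
            user[ATTRIBUTE_MAP[name]] = values[0]  # first value wins for single-valued fields
    return user

# Constructed sample assertion (not a real IdP response): email and surname use
# the OID form, the given name uses the friendly name, and memberOf is multi-valued.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenName"><saml:AttributeValue>john</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>netmri-admins</saml:AttributeValue>
      <saml:AttributeValue>network-ops</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(extract_user(SAMPLE_ASSERTION))
```

Running it with a different `group_attribute` (for example `eduPersonAffiliation`) yields an empty group list for this assertion, which is the symptom to look for when group-based authorization fails after a SAML rollout.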
To configure a NetMRI SAML authentication service, complete the following:
...