Versions Compared

Old Version 2

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version 3

changes.mady.by.user Viktoryia Varapayeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NetMRI uses internal and external authentication systems to control user authentication for performing all administrative tasks. For a simple rollout, you can use the NetMRI local authentication database, which is called the local authentication service, where all user accounts and login information are contained within the appliance. You can also link NetMRI to an external Active Directory, RADIUS, TACACS+, LDAP, SAML, or OCSP authentication server or server group in the enterprise network to perform user authentication and authorization for NetMRI tasks, using the same user roles and privileges defined on the local NetMRI system. Doing so requires creating new authentication services in NetMRI.

Anchor
bookmark214
bookmark214

...

    1. In the Remote Group field, enter the name of a new remote group for the authentication service. In these steps, you are mapping this group name to the NetMRI Role(s) and device group(s).
    2. Choose the Role for the new remote group. For more information, see Defining and Editing Roles.
    3. Check the check boxes for the device groups you want to allow for the remote group. Note that the SysAdmin role applies to all device groups. Other roles allow selection of individual device groups.
    4. Click OK to complete the configuration.
    5. When finished with the remote group configuration, click Save and then Close. Note that you can add multiple Roles for the remote group.
  2. Click Test to test the server settings. Enter a valid username and password. A successful test returns the list of groups to which the test user belongs.

...

Anchor

...

Using a Certificate File for an LDAP or AD Service
Using a Certificate File for an LDAP or AD Service
Using a Certificate File for an LDAP or AD Service

When you test the connection to the server, your NetMRI-to-LDAP server connections (or for Active Directory connections) allow for loading a current SSL certificate from a .PEM file. See the section NetMRI Security Settings for the process of adding SSL certificates to NetMRI. This certificate automatically appears in the authentication server’s Certificate drop-down menu after being loaded into NetMRI.

...

NetMRI SAML Attribute KeySAML Attribute ValueDescriptionExample

uid

username

User name as specified in the IDP user record.

jdoe

urn:oid:1.2.840.113549.1.9.1 or mail

mail

This is the person’s Email ID in the IDP user record.

jdoe@example.com

urn:oid:2.5.4.42 or givenName

givenName

Given name (first name) as specified in the IDP user record.

john

urn:oid:2.5.4.4 or surname

surname

Surname (last name) as specified in the IDP user record.

doe
Group AttributeCustom group attributeUser's relation to the organization or group.

memberOf

eduPersonAffiliation


To configure a NetMRI SAML authentication service, complete the following:

...