NetMRI uses internal and external authentication systems to control user authentication for performing all administrative tasks. For a simple rollout, you can use the NetMRI local authentication database, which is called the local authentication service, where all user accounts and login information are contained within the appliance. You can also link NetMRI to an external Active Directory, RADIUS, TACACS+, LDAP, SAML, or OCSP authentication server or server group in the enterprise network to perform user authentication and authorization for NetMRI tasks, using the same user roles and privileges defined on the local NetMRI system. Doing so requires creating new authentication services in NetMRI.
...
9. Choose the Authentication, which can be either Anonymous or Authenticated. For more information, see Server Authentication: Anonymous vs. Authenticated.
a. If the setting is Authenticated, enter the Bind User DN (this is a core value defined on the LDAP server).
...
If you set the Encryption menu to None, this option remains unavailable, and authentication tests will show a blank certPath value in the test output.
...
Should you have a provisioned Bind User DN (Distinguished Name) and Bind Password needed for the LDAP service, perhaps for a power user, or in cases where anonymous access is not granted by policy, you can use those values to provide another level of security between NetMRI and the servers comprising the LDAP service.
...
NetMRI SAML Attribute Key | SAML Attribute Value | Description | Example |
---|---|---|---|
uid | username | User name as specified in the IDP user record. | jdoe |
urn:oid:1.2.840.113549.1.9.1 or mail | | This is the person’s Email ID in the IDP user record. | jdoe@example.com |
urn:oid:2.5.4.42 or givenName | givenName | Given name (first name) as specified in the IDP user record. | john |
urn:oid:2.5.4.4 or surname | surname | Surname (last name) as specified in the IDP user record. | doe |
Group Attribute | Custom group attribute | User's relation to the organization or group. | memberOf, eduPersonAffiliation |
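As an added example (not Infoblox code), the following Python script checks a decoded assertion from your IdP against the attribute keys in the table above, so that an attribute the IdP does not release is caught before the service is configured. The sample assertion is constructed, the names `released_attributes`, `check_mapping` and `group_attribute` and the result labels are hypothetical, and the script only inspects attributes; it does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute keys from the table above; each label lists the names accepted for it.
EXPECTED = {
    "uid": ("uid",),
    "mail": ("urn:oid:1.2.840.113549.1.9.1", "mail"),
    "givenName": ("urn:oid:2.5.4.42", "givenName"),
    "surname": ("urn:oid:2.5.4.4", "surname"),
}

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>john</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>netops</saml:AttributeValue><saml:AttributeValue>  </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def released_attributes(assertion_xml):
    """Return {attribute Name: [non-empty values]}; run only on your own IdP's test output."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found


def check_mapping(assertion_xml, group_attribute):
    """Map released attributes onto the table's keys and list the keys with no value."""
    found = released_attributes(assertion_xml)
    expected = dict(EXPECTED, group=(group_attribute,))
    mapped, missing = {}, []
    for key, names in expected.items():
        # Accept either the OID or the friendly name, skipping empty releases.
        values = next((found[n] for n in names if found.get(n)), None)
        if values is None:
            missing.append(key)
        else:
            mapped[key] = values
    return mapped, missing


if __name__ == "__main__":
    mapped, missing = check_mapping(SAMPLE, group_attribute="memberOf")
    print("mapped:", mapped, "| not released by IdP:", missing)
```
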
To configure a NetMRI SAML authentication service, complete the following:
...