User Authentication Providers

User authentication is the process of receiving and verifying user credentials and is a key component of identity management and network security. Authentication is implemented through authentication providers. User authentication providers are set up in the Manage Providers dialog box.

Four types of user authentication are supported:

User authentication is set up per user by selecting the user authentication provider from the Authentication Provider list for each user. Using a Lightweight Directory Access Protocol (LDAP)-based authentication provider enables you to validate user authentication using existing network directory services. The experience is seamless to users. If you select the LDAP or Microsoft Windows user authentication type, users cannot edit their user password. If you select Microsoft Windows authentication, users will not be able to access the application unless they are logged on to the domain. Further, Microsoft Windows authentication will pass through a user's domain credentials when accessing the application. After logging in to the application once, users should not be presented with the logon page on subsequent visits.

To provide additional security, you can set up Lightweight Directory Access Protocol (LDAP)-based authentication providers to use a secure connection (SSL) between the application and the directory services provider. This connection requires that the necessary certificates be installed on both the Web server and the directory services server.

Configuring Active Directory authentication

Each user account set up uses an authentication provider to facilitate user logon. By default, a predefined Application authentication provider is included. Multiple authentication types are supported, including those using the Lightweight Directory Access (LDAP) protocol. You can use the Manage Providers dialog box to add, modify or remove an authentication provider that uses Active Directory.

To configure Active Directory authentication
  1. In the desktop System Settings module, under Actions, click Manage Providers.
  2. In the Manage Providers dialog box, click Add.
  3. In the Authentication Provider Name box, type a name.
  4. In the Authentication Type list, select Active Directory.
  5. In the Server box, type the fully qualified domain name (FQDN) of the Active Directory server, for example ad.serena.com.
  6. In the Domain Filter box, type the Lightweight Directory Access Protocol (LDAP) query format for the provider, for example (objectclass=user).
  7. Type values for the corresponding boxes (first name, last name, email, and user name). The default values should be correct in most cases for Active Directory.
  8. The Distinguished Name box can accept a username (such as username) or a qualified domain name (such as domain\username) in addition to a full Lightweight Directory Access Protocol (LDAP) distinguished name.
  9. Under Connect As, enter a user name and password. This is used to verify that the provider settings have been entered correctly. In Active Directory, the user name can be a simple user name, a qualified domain name, or a full distinguished name.
  10. Click Apply. This will verify that Active Directory is accessible in the path specified, and that the query returns more than zero users. There is no user validation, as this would require using actual user passwords.
  11. If you receive a "Server does not exist" error, modify the provider properties and try again. If no errors return, close the Manage Providers dialog.

Configuring application user authentication

Each user account set up uses an authentication provider to facilitate user logon. By default, a predefined Application authentication provider is included. Multiple authentication types, including those using the Lightweight Directory Access (LDAP) protocol, are supported.

To configure application user authentication
  1. In the desktop System Settings module, under Actions, click Manage Providers.
  2. In the Manage Providers dialog box, click Add.
  3. In the Authentication Provider Name box, type a name.
  4. In the Authentication Type list, select Application.
  5. In the Server box, type the name of the server hosting the database and then in the Database Name box, type the database name.
  6. Click OK.

Configuring Novell eDirectory authentication

Each user account set up uses an authentication provider to facilitate user logon. By default, a predefined Application authentication provider is included. Multiple authentication types are supported, including those using the Lightweight Directory Access (LDAP) protocol. You can use the Manage Providers dialog box to add, modify or remove an authentication provider that uses Novell eDirectory.

To configure Novell eDirectory authentication
  1. In the desktop System Settings module, under Actions, click Manage Providers.
  2. In the Manage Providers dialog box, click Add.
  3. In the Authentication Provider Name box, type a name.
  4. In the Authentication Type list, select NDS eDirectory.
  5. In the Server box, type the fully qualified domain name (FQDN) of the Novell eDirectory server, for example fully.qualified.serena.com.
  6. In the Domain Filter box, type the Lightweight Directory Access Protocol (LDAP) query format for the provider, for example (objectclass=user).
  7. For the fields in the Field Mapping group box (first name, last name, email, and user name boxes), type the LDAP directory property that contains the data that best matches the field name. The default values should be correct in most cases for the Novell eDirectory LDAP provider.
  8. Under Connect As, enter a user name and password. This is used to validate the provider settings. In Novell eDirectory, the user name must be a fully qualified distinguished name (DN) with sufficient rights to execute the LDAP filter on the directory services server.
  9. Click Apply. This will verify that Novell eDirectory is present in the path specified, and that the LDAP query returns more than zero users. There is no user validation.
  10. If you receive a "Server does not exist" error, modify the provider properties and try again. If no errors return, close the Manage Providers dialog.
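
An added example, not part of the product or its documentation: a pre-flight check of the Server, Domain Filter and Connect As values from the Active Directory and Novell eDirectory procedures above, so that a malformed filter or an unsupported name form is caught before Apply sends a bind to the directory. The function names are assumptions of this example, and the filter parser covers the common RFC 4515 subset (no extensible-match filters).

```python
import re

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")            # one DNS label
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=.+$")             # one RDN, e.g. CN=svc-bind
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*")   # e.g. objectclass=user

def is_fqdn(host):
    labels = host.rstrip(".").split(".")  # reject bare host names and IPv4 literals
    return len(labels) >= 2 and not labels[-1].isdigit() and all(_LABEL.match(l) for l in labels)

def bind_name_form(name):
    """Classify a user name as one of the forms the Connect As step lists."""
    if "=" in name and all(_RDN.match(p) for p in re.split(r"(?<!\\),", name)):
        return "distinguished-name"
    if re.fullmatch(r"[^\\/\s=,]+(\\[^\\/\s=,]+)?", name):
        return "domain-qualified" if "\\" in name else "simple"
    return "invalid"

def parse_filter(s, i=0):
    """Parse one RFC 4515 filter at s[i]; return the index after it or raise ValueError."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i, count = parse_filter(s, i), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"'{op}' has {count} operand(s)")
    else:
        m = _ITEM.match(s, i)
        if not m:
            raise ValueError(f"bad attribute test at position {i}")
        i = m.end()
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return i + 1

def preflight(server, domain_filter, connect_as, require_dn=False):
    """Return the problems to fix before Apply; require_dn=True models the eDirectory rule."""
    problems = [] if is_fqdn(server) else ["Server is not a fully qualified domain name"]
    try:
        if parse_filter(domain_filter) != len(domain_filter):
            raise ValueError("trailing text after the filter")
    except ValueError as e:
        problems.append(f"Domain Filter: {e}")
    if (form := bind_name_form(connect_as)) == "invalid" or (require_dn and form != "distinguished-name"):
        problems.append(f"Connect As: unsupported name form ({form})")
    return problems
```

Call preflight with require_dn=True for a Novell eDirectory provider, where the Connect As name must be a distinguished name; an empty list means the values are well-formed, not that the directory will accept them.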

Configuring Microsoft Windows authentication

Each user account set up uses an authentication provider to facilitate user logon. By default, a predefined Application authentication provider is included. Multiple authentication types are supported, including those using the Lightweight Directory Access (LDAP) protocol. You can use the Manage Providers dialog box to add, modify or remove an authentication provider that uses Microsoft Windows.

To configure Microsoft Windows authentication
  1. In the desktop System Settings module, under Actions, click Manage Providers.
  2. In the Manage Providers dialog box, click Add.
  3. In the Authentication Provider Name box, type a name.
  4. In the Authentication Type list, select Windows.
  5. In the Domain Filter box, type the name of your Microsoft Windows domain.
  6. For the fields in the Field Mapping group box (first name, last name, and email), type the Microsoft Windows directory property that contains the data that best matches the field name. The properties in the default Microsoft Windows directory do not contain explicit properties for first name, last name, or e-mail address, so the default of FullName for last name is a reasonable choice.
  7. Click OK.