×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
TrueSight Middleware and Transaction Monitor 8.1 ... Planning Security planning

Active Directory security modes

TrueSight Middleware and Transaction Monitor provides the following forms of security for user authentication:

  • Internal Security – provided by an internal directory server.
  • Active Directory Delegate Mode Security – combines Active Directory Authentication (user identification and password checking) and Internal LDAP authorization.

Note

The Active Directory Only mode (also known as Legacy mode) security configuration that was available in earlier versions of the product is no longer supported for new installations or upgrades.

Related topics

User authentication and permissions 

Active Directory security transport types

Security planning

Configuring Active Directory security

Active Directory Delegate Mode security

Active Directory Delegate Mode Security allows for configuring TrueSight Middleware and Transaction Monitor security to authenticate a user via their Active Directory credentials and group memberships while allowing for TrueSight Middleware and Transaction Monitor user and group authorization and configuration information to be stored in its internal database.

This mode alleviates the need to modify the Active Directory schema. It might require the Active Directory administrator to set up Groups and User associations that are used to dictate a user's level of authority. Internal users (such as TopicService, etc.) are maintained in the internal TrueSight Middleware and Transaction Monitor database, and are not required in the Active Directory domain.

You can configure Active Directory Delegate Mode security either automatically with the securityconfig tool (the recommended method), or manually by modifying the services.cfg file.

Note

When using Active Directory Delegate Mode, security users can log in using their Active Directory user name and password. Active Directory users are granted permission to work with TrueSight Middleware and Transaction Monitor based on their group membership.

Groups must be created in TrueSight Middleware and Transaction Monitor (using the Security Tab in the Management Console) with the same name as an existing Active Directory group. Permissions can be granted to that group to allow all members of that group to log in and use TrueSight Middleware and Transaction Monitor.

For example, user "Bob" is a member of the Active Directory group "MQAdmins." To enable "Bob" to log in, ensure that an "MQAdmins" group exists in the product and that it has the permissions assigned appropriately to the role.

When a user logs into a TrueSight Middleware and Transaction Monitor system that is configured in Active Directory Delegate Mode, a user account is automatically created in the internal LDAP directory. Passwords are synchronized automatically (i.e., users can change their Active Directory password without having to make any changes to TrueSight Middleware and Transaction Monitor).


Was this page helpful? Yes No Submitting... Thank you
Last modified by Ashley Pearson on Apr 24, 2017
access_control security active_directory planning

Comments

Log in or register to comment.

Default permissions for TrueSight Middleware and Transaction Monitor
Active Directory security transport types
© Copyright 2015 BMC Software, Inc.
© Copyright 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.