This topic describes the use of domain authentication.
For domain authentication, users authenticate against Microsoft Active Directory. When a user attempts to authenticate, the reports client asks for a user name, domain, and password and passes that information to the reports server. The reports server relays that information to the Authentication Service, which delegates user authentication to the Active Directory domain controller. The Active Directory registry stores the names and passwords of registered users within its Kerberos realm. (In Microsoft Windows, a Kerberos realm is an Active Directory domain.) If the domain controller successfully authenticates the user, the user is granted a session credential.
- If you are configuring domain authentication for users in BMC Decision Support for Server Automation for the first time, you must create domain users (user@domainName) in BMC Server Automation and run ETL with the rbac.properties file.
- If you do not create domain users in BMC Server Automation, you cannot log on to BMC Decision Support for Server Automation by using domain authentication.
To implement domain authentication, you can use the following approaches:
The most secure approach instructs the BMC Server Automation Authentication Server to refresh session credentials by consulting Active Directory. This approach requires more initial configuration. You must perform both of the following master procedures in the following order:
A less secure approach allows the BMC Server Automation Authentication Server to refresh session credentials without consulting Active Directory. Instead, the Authentication Service only checks that users exist and are enabled in the role-based access control (RBAC) system. This approach requires less configuration. If you want to use this approach, you must perform the master procedure described in Configuring for domain authentication.
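Because the less secure approach refreshes session credentials by checking only the RBAC system, RBAC domain users that no longer match an enabled Active Directory account are worth auditing. The following added example (not BMC code or part of the original documentation) reconciles the two lists and reports enabled `user@domainName` entries that Active Directory would reject. The export formats, column names, and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports; column names and layout are assumptions.
AD_EXPORT = """account,domain,enabled
alice,CORP.EXAMPLE.COM,true
bob,CORP.EXAMPLE.COM,false
carol,CORP.EXAMPLE.COM,true
"""

RBAC_EXPORT = """user,enabled
alice@CORP.EXAMPLE.COM,true
bob@corp.example.com,true
carol@CORP.EXAMPLE.COM,false
dave@CORP.EXAMPLE.COM,true
localadmin,true
"""


def _flag(value):
    return value.strip().lower() in ("true", "1", "yes")


def load_ad(text):
    """Map (account, domain), lower-cased, to the AD enabled flag."""
    return {
        (row["account"].strip().lower(), row["domain"].strip().lower()): _flag(row["enabled"])
        for row in csv.DictReader(io.StringIO(text))
    }


def stale_rbac_users(ad_text, rbac_text):
    """Return (rbac_user, reason) for enabled RBAC domain users AD would reject."""
    ad = load_ad(ad_text)
    findings = []
    for row in csv.DictReader(io.StringIO(rbac_text)):
        name = row["user"].strip()
        if not _flag(row["enabled"]) or "@" not in name:
            continue  # RBAC already refuses it, or it is not a domain user
        account, _, domain = name.rpartition("@")
        state = ad.get((account.lower(), domain.lower()))
        if state is None:
            findings.append((name, "not found in AD"))
        elif not state:
            findings.append((name, "disabled in AD"))
    return findings


if __name__ == "__main__":
    for user, reason in stale_rbac_users(AD_EXPORT, RBAC_EXPORT):
        print(f"{user}: {reason}")
```

Domain names are compared case-insensitively, so `bob@corp.example.com` matches the `CORP.EXAMPLE.COM` row in the directory export.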