Setting up an authentication profile

An authentication profile is a collection of information that the system uses to conduct a logon session. When you log on to the BMC Server Automation Console, you must select an authentication profile.

When you set up an authentication profile, you can choose the type of authentication you want to perform. By default, BMC Server Automation provides secure remote password (SRP) authentication. For more information about configuring all types of authentication, see Implementing authentication.

During a logon session, the Authentication Service authenticates users and issues session credentials. The Authentication Service is a service implemented within the BMC Server Automation Application Server. The Authentication Service is responsible for authenticating users and issuing session credentials.

To set up an authentication profile

1. To open the logon window for the BMC Server Automation Console, do one of the following:
   • (Microsoft Windows) Perform one of the following steps:
     • From the Start menu, select Programs > BMC Software > BladeLogic Server Automation Suite > Server Automation Console releaseNumber.

     • From the directory where BMC Server Automation is installed (for example, C:\Program Files\BMC Software\BladeLogic\CM), enter:

       .\rcp\BSAClient.exe

       If more than one version of the client is installed, the different versions reside in directories called BladeLogicN, such as BladeLogic2.

   • (UNIX) From the directory where BMC Server Automation is installed (for example, /opt/bmc/BladeLogic/CM), enter:

     ./rcp/bsaclient.sh

2. In the logon window, click Options. The window expands to show additional options in a tabbed format.
3. Click the Authentication Profile tab.
4. Do one of the following:
   • To modify an existing authentication profile, select the profile in the profiles list. Then click Edit. The Edit Authentication Profile dialog opens.
   • To create a new profile, click Add. The New Authentication Profile dialog box opens. It provides the same fields as the Edit Authentication Profile dialog box.

5. In the Authentication Profile dialog box, enter values for the following:

   Profile Name	Name you assign to this authentication profile. For example, you could assign a name such as QATeam or DevTeam.
   Application Server	Name or IP address (IPv4 or IPv6) of the Application Server to which the client should connect. Note: If you specify an IPv6 address, enclose the server address in square brackets. For example, [2001:db8::1:2].
   Authentication Port	Port to which the client should connect to the Authentication Service. The same port is used for all BMC Server Automation authentication mechanisms.
   Authentication Method	The authentication mechanism for this authentication profile. Specify the mechanism by performing one of the following actions: Select Secure Remote Password. Select AD/Kerberos Single Sign-on. Select Domain Authentication. Select LDAP. Optionally, for Distinguished Name Template, enter the name of a distinguished name template used to identify LDAP users. This is not necessary if you activated the Enhanced LDAP Authentication feature that enables the use of a shorter user name (rather than the full distinguished name) during authentication. For more information about distinguished name templates and about Enhanced LDAP Authentication, see Implementing LDAP authentication. Select RSA SecurID Authentication. Select Public Key Infrastructure Authentication.

6. Click OK.