Domain authentication


This topic describes the use of domain authentication.

For domain authentication, users authenticate against Microsoft Active Directory. When a user attempts to authenticate, the reports client asks for a user name, domain, and password and passes that information to the reports server. The reports server relays that information to the Authentication Service, which delegates user authentication to the Active Directory domain controller. The Active Directory registry stores the names and passwords of registered users within its Kerberos realm (in Microsoft Windows, a Kerberos realm is an Active Directory domain). If the domain controller successfully authenticates the user, the user is granted a session credential.

Notes

  • If you are configuring domain authentication for users in TrueSight Server Automation - Data Warehouse for the first time, you must create domain users (user@domainName) in TrueSight Server Automation and run ETL with the rbac.properties file.
  • If you do not create domain users in TrueSight Server Automation, you cannot log on to TrueSight Server Automation - Data Warehouse by using domain authentication.

To implement domain authentication, you can use the following approaches:

  • The most secure approach instructs the TrueSight Server Automation Authentication Server to refresh session credentials by consulting Active Directory. Perform the following procedures:
    1. Registering an Authentication Service in an Active Directory domain
    2. Configuring for domain authentication
  • A less secure approach allows the TrueSight Server Automation Authentication Server to refresh session credentials without consulting Active Directory. Instead, the Authentication Service only checks that users exist and are enabled in the role-based access control (RBAC) system. This approach requires less configuration. If you want to use this approach, you must perform the procedure described in Configuring for domain authentication.

 
