Authentication Server
The MVCM Authentication Server validates requests from other MVCM services for user access to resources such as consoles. The server may be stopped and started from this page, and a tabbed interface allows you to configure the many options available.
General tab
- General-Settings The main Authentication Server page allows you to set the server port, log file size and count, and the authentication method. The Authentication Server is also started and stopped on this page.
- Account-policies The main Account Policies page allows you to establish security criteria and policies for user accounts and passwords and to set default values. It also provides the ability to automatically disable or delete inactive user accounts, and to receive a warning notification before this occurs.
- Establishing-a-PKI-certificate-trust-store A trust store contains certificates used for operator and administrator authentication. When an MVCA viewer or CCS client connects and client certificates are required, the PKI trust store will be accessed to ensure the user's client certificate is requested and validated using the root certificates in the MVCM certificate trust store.
- LDAP-Active-Directory-Authentication The Lightweight Directory Access Protocol is a standard protocol utilized by many popular user repositories including Microsoft Active Directory, ACF2, and RACF. Selecting the LDAP/Active Directory option configures the Authentication Server to connect to an LDAP server to authenticate the user and (optionally) obtain group membership information.
- Upload-Authentication-Program The Upload Program page allows you to browse for and upload an external authentication program.
- Users The Users page lists the currently defined User Accounts used to validate authentication requests when Database is chosen as the Authentication Method on the General tab. The local user database may also be used when external authentication is selected if either of the following options are being used:
- Edit-user The New/Edit User page allows you to create a new user or edit an existing user and specify all of the access criteria for the user. This page has both User Info and Assign Resources tabs for configuring basic user information and resource access respectively.
- Groups The Groups page lists user groups that have been created for resource access purposes. The use of groups is optional; if you have a relatively small number of users, you may configure access entirely on a per-user basis.
- Edit-Group The New/Edit Group page allows you to create a new group or edit an existing group and specify all of the access criteria and group members. This page has Group Info, Select Users and Assign Resources tabs for configuring basic group information, user membership and resource access respectively.
- Resources The Resources page lists the currently defined resources along with their type and whether they are accessible by all users or only specific ones. This control may be used to limit the resources displayed in the table to those matching the selected type.
- Edit-Resource-Assignments The Edit Resource page allows you to specify who may access this resource. This page has both Assign Groups and Assign Users tabs for configuring group and individual user access respectively.
- Logs The Logs page allows you to view and manage log files. A table displays the logfile(s) with logfile names and buttons for viewing or downloading them. You may click on some of the column labels (Log File, Modified Date, Size) to change the sorting of the files.