Active Directory security modes


MainView Middleware Monitor provides the following forms of security for user authentication:

  • Internal Security – provided by an internal directory server.
  • Active Directory Delegate Mode Security – combines Active Directory Authentication (user identification and password checking) and Internal LDAP authorization.

Note

The Active Directory Only mode (also known as Legacy mode) security configuration that was available in earlier versions of the product is no longer supported for new installations or upgrades.

Related topics

User-authentication-and-permissions

Active-Directory-security-transport-types

Security-planning

Configuring-Active-Directory-security

Active Directory Delegate Mode security

Failed to execute the [excerpt-include] macro.

Note

When using Active Directory Delegate Mode, security users can log in using their Active Directory user name and password. Active Directory users are granted permission to work with MainView Middleware Monitor based on their group membership.

Groups must be created in MainView Middleware Monitor (using the Security Tab in the Management Console) with the same name as an existing Active Directory group. Permissions can be granted to that group to allow all members of that group to log in and use MainView Middleware Monitor.

For example, user "Bob" is a member of the Active Directory group "MQAdmins." To enable "Bob" to log in, ensure that an "MQAdmins" group exists in the product and that it has the permissions assigned appropriately to the role.

When a user logs into a MainView Middleware Monitor system that is configured in Active Directory Delegate Mode, a user account is automatically created in the internal LDAP directory. Passwords are synchronized automatically (i.e., users can change their Active Directory password without having to make any changes to MainView Middleware Monitor).


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*