Configuring MSAD authentication

You can use a Microsoft Active Directory (MSAD) server on the network to authenticate users. After a user is authenticated, the system creates a user record in the system database, along with a copy of the user's MSAD group associations. 

You configure MSAD authentication similarly to LDAP authentication.

To configure MSAD authentication

  1. On the System tab, from the left menu, click Settings.
  2. Click Login Config.
  3. From the Driver list, select Microsoft Active Directory.
  4. Click Set and Configure.
  5. Enter appropriate information for each of the MSAD settings: 
    • Active Directory Server: Hostname or the IP address of the Active Directory Server that you are using. (For example, adprod.bmc.com).
    • Active Directory RDN: Hostname or the IP address of the Active Directory Relative Distinguished Name (RDN) that you are using. (For example, adprod.bmc.com).

    • Allowed User DN (Empty for open access): Configuration parameters for establishing the connection to the Active Directory Server. Specify the group of users allowed to login the application. (For example, CN=varalogix_users,OU=Distribution Groups,OU=Security,DC=yourdomain,DC=com). If this field is blank, any MSAD user can login with the “Standard” user access.

      Note

      Unlike in the LDAP authentication, the MSAD authentication only allows one entry per the DN field, therefore use the MSAD groups for each entry.

    • Admin User DN: Users from this group are granted the administrator privileges. If this field is left blank, only the root user is granted admin privileges. (For example, CN=varalogix_admins,OU=Distribution Groups,OU=Security,DC=yourdomain,DC=com).
    • Standard User DN: Users from this group are granted the standard user rights, without the access to the System tab. (For example, CN=varalogix_users,OU=Distribution Groups,OU=Security,DC=yourdomain,DC=com).

    • Report Only User DN: Users from this group are granted the rights to only view the reports. (For example, CN=varalogix_reporters,OU=Distribution Groups,OU=Security,DC=yourdomain,DC=com).

      Note

      You can also have a single user entry for each of the DN fields. (For example: CN=auser,OU=Domain Users,OU=Security,DC=domain,DC=com).

  6. Enter a valid user's MSAD user credentials.
  7. Click Apply and Test.
     The results of the configuration are presented in the Status section. Use this section to debug configuration issues.

Related topics

Configuring-local-authentication

Configuring-LDAP-authentication

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*