Configuring external authentication for groups

Ops Center Automator User Guide

Version
10.8.x
File Size
3.6 MB
Audience
anonymous
Part Number
MK-99AUT001-14

You can use external authentication systems to authenticate user groups.

You can use external authentication systems, such as LDAP (for example, Active Directory), RADIUS, or Kerberos to authenticate Hitachi Ops Center user group members as they log on. You can configure one or more user groups, from one or more external authentication servers.

When linking with an external authentication server, if using together with Active Directory as an external authorization server, you can manage user permissions by using the Active Directory groups (authorization groups) registered on the external authorization server. In this case, user permissions are specified for each group.

  • The Ops Center Automator server must be linked to an external authentication server. See the Hitachi Ops Center Automator Installation and Configuration Guide.
  • The Ops Center Automator server must be configured to support group authentication, which activates the Groups folder in the UI.
  • The Ops Center Automator user group must exist on the external authentication server.The required domain and group information should be acquired from the external authentication server administrator.
  1. From the Administration tab, select Users and Permissions.
  2. Click the Groups folder to display the Domain List. This is a list of external authentication servers listed by domain name, and host name or IP address. If the Groups folder is not visible, see the previous prerequisites.
  3. Select the required Domain Name to show the Group List, which might be empty ("No Groups" appears). Click Add Groups.
  4. Enter the Distinguished Name for the group. Use Check DN to verify a correct DN entry. Click OK to save your group and view the Group List again. The Group Name is derived from the entered DN. To specify multiple groups, note that:
    • You can add multiple DNs at the same time using the "+" button
    • If multiple DNs are listed, you can remove an entry with the "-" button
    • Reset clears all DN entries
  5. From the Group List, click the Group Name link, then click Change Permission and set the Ops Center Automator permissions for the group (repeat this for each new group).
    Your groups are now visible in the Administration tab User Groups folder.
  6. (Optional) You can associate the groups with resource groups and roles, just as you can do with Ops Center Automator user groups. If you delete external authentication groups from Users and Permissions later, the groups are also removed from the User Groups list.
  7. (Optional) To delete registered authorization groups, select the check boxes of the groups to delete, and then click Delete Groups.
On the next logon try by each group member, the user's logon credentials (User ID and Password) are verified using the external authentication server.