Configuring external authentication for users

Ops Center Automator User Guide

Part Number

External authentication systems can be used to authenticate user logons.

External authentication systems, such as LDAP (for example, Active Directory), RADIUS, or Kerberos can be used to authenticate Ops Center Automator users as they log on. You can reconfigure existing accounts, or create new accounts to use external authentication.

  • The Ops Center Automator server must be linked to an external authentication server. See the Hitachi Ops Center Automator Installation and Configuration Guide.
  • The Ops Center Automator server must be configured to support user authentication, which activates Change Auth in the UI, and gives authentication options such as Internal for a local account or LDAP for external authentication.
  • The Ops Center Automator user ID must exist on the external authentication server. User ID information should be acquired from the external authentication server administrator before creating accounts.

Set permissions or roles so that the registered user can complete necessary tasks by using Ops Center Automator products. Also consider adding user accounts to user groups with assigned roles for controlled access to resources.

  1. From the Administration tab, select Users and Permissions.
  2. Select the Users folder, then select one or more users for which you want to change the authentication method, or click Add User to create a new account.

    When creating a new account, only the User ID is required for external authentication, and must match a user ID on the external authentication server. For a local (internal) account, both a User ID and Password are required. When external authentication is available, new user accounts created without a password value are automatically configured to use external authentication (for example, LDAP is selected for you). Fill in the fields as needed, then click OK to create the user account.

    If you are completing an external authentication in a multiple-domain configuration or by using realms, specify a user ID that includes the domain name or realm name for the User ID. Example: user-name@domain-name or realm-name.

    When you log on, also specify your user ID in this format.

  3. If you are selecting existing users, click Change Auth. A dialog box appears. From the list, select the required authentication method (for example, LDAP), then click OK.
  4. Review the Authentication column to verify the authentication method.
On the next logon try by each user, the user's logon credentials (user ID and password) are validated by using the external authentication server.