5.8.1 Choose Authentication Method

Authentication validates the user's identity based on some credentials, such as a username/password combination or a client certificate. Select a method to authenticate users:

  • None - Management and Security Server does not present a login screen. Any user can access their assigned sessions without being prompted for credentials. Session authorization is not available.

    NOTE: If you set the authorization method to None, be aware that all users are logged in as Guest. During session configuration, it is best not to allow users to modify their session settings (User Preference Rules), because they can overwrite each other’s choices.

  • LDAP - Management and Security Server makes a read-only connection to your existing LDAP (Lightweight Directory Access Protocol) server to verify usernames and passwords. You can also use LDAP to authorize session access. LDAP is an industry standard application protocol for accessing and maintaining distributed directory information services over a network.

    NOTE: You can enable more than one LDAP server.

  • Single sign-on through IIS - This option uses the Microsoft IIS web server. It requires no additional setup as long as you used the automated installer and chose to integrate with IIS during the installation process. You can find more information on install configurations in the MSS Installation Guide.

  • Single sign-on through Windows authentication - This option uses the NT LAN Manager version 2 (NTLM v2) protocol to authenticate users. When a user logs in to the Windows domain and requests a session using a web browser that supports integrated authentication through NTLM v2, a secure hash of the user's credentials is sent to a domain controller for verification. Once verified, the Administrative Server establishes an authenticated HTTP session with the user's browser.

    NOTE: NTLM v1 is no longer supported. Any settings saved for Single sign-on through Windows are exclusively for NTLM v2 and will overwrite any existing NTLM v1 settings.

    Microsoft Internet Explorer, as well as other web browsers, supports integrated authentication through NTLM, but other browsers may require additional configuration to enable this functionality. The computer running the Administrative Server does not need to be a member of the Windows domain.

  • X.509 - X.509 is a standard for managing digital certificates and public key encryption. When you use certificate-based authentication, you can specify the certificate source and setting for LDAP failover if certificate-based authentication fails.

  • SiteMinder - To enable this option on a Windows system, install both the Administrative Server and a SiteMinder web agent on the same machine as IIS, and set up the server to use your IIS web server.

The setup options vary based on your selection.
