Single sign-on and external integration, Setting up access control – Grass Valley iControl V.6.02 User Manual

iControl

User Guide

255

Single Sign-on and External Integration

The iControl architecture is open and uses standard schemas, allowing integration with
existing security infrastructures. iControl supports integration with existing directory services
using standard schemas for authentication. The system can be configured to use an external
LDAP server or directory services server instead of using the iControl LDAP server.

It is also possible to use multiple LDAP servers with referral capabilities. For example, iControl
can bind and authenticate with an external LDAP server, but manage its permissions on the
iControl LDAP server for iControl-specific resources. Referrals are supported between LDAP
databases to support multiple domain authentication.

In the case where it is not possible to get direct access to directory services, iControl can be
integrated with an existing enterprise “single sign-on” system. For example, iControl interfaces
with Netegrity SiteMinder from Computer Associates to authenticate users.

Setting up Access Control

The figure below depicts a simple scenario — a single domain with two iControl Application
Servers.