7 about directory service authentication, 8 managing user passwords – HP OneView User Manual


When logging in to the appliance, each user is authenticated by the authentication directory
service, which confirms the user name and password. Use the Authentication settings panel to
configure authentication settings on the appliance; the panel is populated with default values
during first-time setup of the appliance.

To view or make changes to Authentication settings, log in with Infrastructure administrator privileges.
No other users are permitted to change or view these settings.

View and access the Authentication settings by using the UI and selecting
Settings→Security→Authentication or with the REST APIs.

25.7 About directory service authentication

You can use an external authentication directory service (also called an enterprise directory or
authentication login domain) to provide a single sign-on for groups of users instead of maintaining
individual local login accounts. Each user in a group is assigned the same role (for example,
Infrastructure administrator). An example of an authentication directory service is a corporate
directory that uses LDAP (Lightweight Directory Access Protocol).

After the directory service is configured, any user in the group can log in to the appliance. On the
login window, the user:

• Enters their user name (typically, the Common-Name attribute, CN).
• Enters their password.
• Selects the authentication directory service. This box appears only if you have added an
  authentication directory service to the appliance.

In the Session control, the user is identified by their name preceded by the authentication
directory service. For example:

CorpDir\pat

When you add an authentication directory service to the appliance, you provide search criteria
so that the appliance can find the group by its DN (Distinguished Name). For example, the following
attribute values identify a group of administrators in a Microsoft Active Directory:

distinguishedName CN=Administrator,CN=Users,DC=example,DC=com
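
Before entering a group DN as search criteria, it helps to confirm how it breaks down into group name, container and domain. The following is an added example, not code from the manual or from HP OneView; the function names and the second DN (with an escaped comma) are constructed for illustration, and multi-valued RDNs joined with "+" are assumed not to occur.

```python
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def split_unescaped(text, sep=","):
    """Split on sep, leaving backslash-escaped separators inside a part."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]   # keep the escape pair; decoded later
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def unescape(value):
    """Decode \\XX hex pairs and \\<char> escapes (RFC 4514 string form)."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and _HEX_PAIR.fullmatch(value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(ATTR, value), ...], most specific RDN first."""
    rdns = []
    for rdn in split_unescaped(dn):
        attr, eq, value = rdn.partition("=")
        if not eq or not attr.strip() or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().upper(), unescape(value)))
    return rdns

def describe_group(dn):
    """Group name, container DN to search under, and DNS domain from DC parts."""
    rdns = parse_dn(dn)
    base = ",".join(p.strip() for p in split_unescaped(dn)[1:])
    domain = ".".join(v for a, v in rdns if a == "DC")
    return rdns[0][1], base, domain

PAGE_DN = "CN=Administrator,CN=Users,DC=example,DC=com"       # from the page
ESCAPED_DN = r"CN=Admins\, Tier 0,OU=Groups,DC=example,DC=com"  # constructed
```

A DN that splits into an unexpected container or domain here will also fail to match the intended group once it is entered as search criteria.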

If you replicate the authentication directory service for high availability or disaster tolerance, add
the replicated directory service as a separate directory service.

After configuring and adding a directory server, you can designate it as the default directory
service.

You can:

• Allow local logins only, which is the default.
• Allow both local logins and logins for user accounts authenticated by the directory service.
• Disable local logins, which restricts logins to user accounts authenticated by the directory
  service.

25.8 Managing user passwords

A user with Infrastructure administrator privileges can manage the passwords of all local users on
the appliance using the UI or the REST APIs. Users without Infrastructure administrator privileges
can manage only their own passwords.

As Infrastructure administrator, you can view all users logged in to the appliance with the Users
and Groups screen or REST APIs. Select any user, and then edit their password or assigned role.

All other local users can edit their own passwords by using the UI or the REST APIs. In the UI, click
the Session icon in the top banner, and then click the Edit icon to change their current password
or contact information.
