Configuring external authentication for users, Configuring external authentication for groups, 125 configuring external authentication for groups – HP XP Command View Advanced Edition Software User Manual

Configuring external authentication for users

External authentication systems, such as LDAP (for example, Active Directory), RADIUS, or Kerberos
may be used to authenticate Command View AE Suite users as they log in. You can re-configure
existing accounts, or create new accounts to use external authentication.

•

The Command View AE Suite server must be linked to an external authentication server. See the
HP P9000 Command View Advanced Edition Suite Software Administrator Guide.

•

The Command View AE Suite server must be configured to support user authentication, which
activates the Change Auth button in the GUI, and which presents authentication options such as
Internal for a local account, or LDAP for external authentication.

•

The Command View AE Suite user ID must exist on the external authentication server. It is recom-
mended that user ID information be acquired from the external authentication server administrator
before creating accounts.

1.

From the Administration tab, select Users and Permissions.

2.

Select Users folder, then select one or more users (using the checkbox) whose authentication
method you want to change, or click Add User to create a new account.

NOTE:

When creating a new account, only the User ID is required for external authentication, and must
match a user ID on the external authentication server. For a local (internal) account, a User ID
and Password are both required. When external authentication is available, new user accounts
created without a password value are automatically configured to use external authentication
(for example, LDAP is selected for you). Fill in the desired fields, and click OK to create the user
account.

3.

If you have selected existing users, click Change Auth. A dialog box is displayed. From the drop
down list, select the desired authentication method (for example, LDAP) and click OK. The user
list will be re-displayed.

4.

Review the Authentication column to verify the authentication method.

On the next login attempt by each user, the users login credentials (user ID and password) will be
validated using the external authentication server.

TIP:

Set permissions or roles so that the registered user can perform necessary operations using Command
View AE Suite products. Also consider adding user accounts to user groups with assigned roles for
controlled access to resource groups.

Configuring external authentication for groups

External authentication systems, such as LDAP (for example, Active Directory), RADIUS, or Kerberos
may be used to authenticate Command View AE Suite user group members as they log in. You can
configure one or more user groups, from one or more external authentication servers.

When linking with an external authentication server, if using together with Active Directory as an
external authorization server, user permissions can be managed by using the Active Directory groups
(authorization groups) registered on the external authorization server. In this case, user permissions
are specified for each group.

User Guide

125