Web Interface - Settings - Security Policies - External Authentication - Overview
The primary configuration element for MOVEit DMZ's External Authentication feature is the Authentication
Source. These sources define the type of server (LDAP or RADIUS) being used for authentication, the settings for accessing that
server, and the settings for dealing with users who successfully authenticate to the server. Each Authentication
Source is listed on the Auth Method page of the
User Policy settings section in the order in which
the sources will be checked when new credentials are presented.
Links are provided for editing and deleting existing sources and changing their priorities, as
well as for adding new sources.
For more information on how External Authentication works at a higher level,
please see the "Feature Focus - External Authentication" documentation.
Adding an Authentication Source
Clicking the Add New Source link will bring up the Add Authentication Source page. Here, a new authentication
source can be created, and its basic settings defined.
The basic settings for each new authentication source are:
- Source Name - The "friendly" name which will identify this source. The name will be listed in the authentication source list, as well as each user's source affinity selection page.
- Source Type - Identifies the type of authentication server this source will be defining. The following authentication source types are available:
  - LDAP (Lookup + Authentication) - Incoming usernames and passwords will be tried against a remote LDAP server. If authentication is successful, a new user may be created on the fly as a clone of an existing template user. However, user attributes such as email address and group memberships will be carried over from the LDAP server.
  - LDAP (Authentication Only) - Incoming usernames and passwords will be tried against a remote LDAP server. If authentication is successful, a new user may be created on the fly as a clone of an existing template user.
  - RADIUS (Authentication Only) - Incoming usernames and passwords will be tried against a remote RADIUS server. If authentication is successful, a new user may be created on the fly as a clone of an existing template user.
- LDAP Server Type (LDAP Only) - Identifies the type of LDAP server this authentication source will be querying. Based on this value, default settings will be prefilled in several fields for the newly created authentication source, and configuration hints appropriate to the server type will be displayed. Available server types are Microsoft Active Directory, Sun iPlanet, Novell eDirectory, and IBM Domino. Selecting "Other" will cause no default settings or configuration hints to be shown.
- Priority - Determines where in the current authentication source list this new source should be placed. Select "Highest" to make this new source the first source on the list. Select "Lowest" to make this new source the last source on the list. Select "Middle" to place this new source in the middle of the list.
- Host - The primary hostname (for RADIUS servers) or URL (for LDAP servers) of the authentication source. LDAP URLs should be prefixed with "LDAP://" for regular LDAP access, or "LDAPS://" for SSL-encrypted LDAP access. (The use of LDAP over SSL is strongly recommended; most modern LDAP servers support this. For example, see the "Active Directory - SSL" section of the "Feature Focus - External Authentication" documentation for instructions to enable SSL access on Active Directory LDAP servers.)
- Enabled - Select the Yes option to make the authentication source immediately available for use as soon as it is added. Otherwise, select the No option to add the source to the list as temporarily disabled, so you can fine tune the source settings before making it available.
Once the new authentication source is added, a link will be provided at the top of the page, allowing the administrator
to go directly to the settings page for the new source.
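The Host and Priority settings above lend themselves to a quick review of an existing source list. The following is an added example, not part of the MOVEit DMZ documentation or product: it walks a hand-built list of sources in check order and flags LDAP sources whose Host uses "LDAP://" instead of "LDAPS://", LDAP hosts with no URL prefix, and RADIUS hosts entered as URLs. The list format, the function names and the example.test hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: field names mirror the settings on this page,
# but the list format itself is an assumption, not a MOVEit DMZ export.
SOURCES = [  # list order = order in which sources are checked
    {"name": "Corp AD", "type": "LDAP (Lookup + Authentication)",
     "host": "LDAPS://dc1.example.test", "enabled": True},
    {"name": "Legacy directory", "type": "LDAP (Authentication Only)",
     "host": "LDAP://ldap-old.example.test", "enabled": True},
    {"name": "Token server", "type": "RADIUS (Authentication Only)",
     "host": "radius.example.test", "enabled": True},
    {"name": "Lab directory", "type": "LDAP (Authentication Only)",
     "host": "lab-ldap.example.test", "enabled": False},
]


def check_host(source):
    """Return a list of findings for one source's Host value."""
    host = source["host"].strip()
    # urlsplit lower-cases the scheme, so "LDAPS://" and "ldaps://" match.
    scheme = urlsplit(host).scheme if "://" in host else ""
    findings = []
    if source["type"].startswith("LDAP"):
        if scheme == "ldap":
            findings.append("regular (non-SSL) LDAP access; use LDAPS://")
        elif scheme != "ldaps":
            findings.append("Host is not an LDAP:// or LDAPS:// URL")
    elif scheme:
        findings.append("RADIUS Host should be a hostname, not a URL")
    return findings


def audit(sources):
    """Return (position, name, enabled, findings) tuples in check order."""
    report = []
    for position, source in enumerate(sources, start=1):
        findings = check_host(source)
        if findings:
            report.append((position, source["name"], source["enabled"], findings))
    return report


if __name__ == "__main__":
    for position, name, enabled, findings in audit(SOURCES):
        state = "enabled" if enabled else "disabled"
        for finding in findings:
            print(f"#{position} {name} ({state}): {finding}")
```

Disabled sources are reported as well, since a source added with Enabled set to No is expected to be switched on once its settings are tuned.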
Editing an Authentication Source
An authentication source can be configured by clicking the Edit link for it in the authentication source list. Basic
settings for the authentication source can be changed in the Edit Authentication Source Settings section, which is common
to all authentication source types. Other settings appear based on the type of the source.
Common Settings
The Edit Authentication Source Settings section is common to all authentication source types. Here, the friendly name of
the source can be changed, along with the Enabled status.
Specific Settings
Specific settings for each of the various types of external authentication sources can
be found in their own documents in this section.