The primary configuration element for the MOVEit Transfer External Authentication feature is the Authentication Source. Each source defines the type of server (LDAP, RADIUS, or WS-Trust) used for authentication, the settings for accessing that server, and the settings for handling users who successfully authenticate to it. Authentication Sources are listed on the Auth Method page of the User Policy settings section in the order in which they are checked when new credentials are presented. Links are provided for editing and deleting existing sources, changing their priorities, and adding new sources.
SETTINGS > Security Policies > User Auth > Auth Method > Add Authentication Source. The Add Authentication Source page opens.
Fields:
Source Name. The name that is used to identify this source. The name is listed in the authentication source list, and in each user's source affinity selection page.
Source Type. Type of authentication server that this source defines. Available types:
LDAP (Lookup + Authentication) - Incoming usernames and passwords are tried against a remote LDAP server. If authentication is successful, a new user may be created on the fly as a clone of an existing template user. User attributes such as email address and group memberships are carried over from the LDAP server.
LDAP (Authentication Only) - Incoming usernames and passwords are tried against a remote LDAP server. If authentication is successful, a new user is created as a clone of an existing template user.
RADIUS (Authentication Only) - Incoming usernames and passwords are tried against a remote RADIUS server. If authentication is successful, a new user is created as a clone of an existing template user.
WS-Trust (Authentication Only) - Incoming usernames and passwords are tried against a remote WS-Trust server. If authentication is successful, a new user may be created as a clone of an existing template user.
LDAP Server Type (LDAP Only). Type of LDAP server that this authentication source queries. Based on this value, default settings are prefilled in several fields for the newly created authentication source, and configuration hints appropriate to the server type are displayed. Available server types: Microsoft Active Directory, Sun iPlanet, Novell eDirectory, and IBM Domino. If you select Other, no default settings or configuration hints are shown.
WS-Trust Identity Provider (WS-Trust Only). The WS-Trust server that this authentication source queries. In SAML terminology, the server is called an Identity Provider. You might have already set up an Identity Provider for the Single Signon feature. To configure a new identity provider, click Add New Federated Identity Provider. For more information, see User Authentication - Single Signon.
Note: If you have set up the Single Signon feature, use the same identity provider that you use for browser-based single signon. This enables users to use the same credentials for single signon through the browser (web interface), and username/password authentication through FTP and SSH clients.
Priority. Specifies the position of the new source in the current authentication source list. Options: Highest, Lowest, Middle.
After the new authentication source is added, a link appears at the top of the page. Click the link to go to the settings page for the new source.
Editing an Authentication Source
To edit or configure an authentication source:
SETTINGS > Security Policies > User Auth > Auth Method.
To configure an authentication source, click its Edit link in the authentication source list. Basic settings can be changed in the Edit Authentication Source Settings section, which is common to all authentication source types. Other settings appear based on the type of the source.
Common Settings
The Edit Authentication Source Settings section is common to all authentication source types. Here, the friendly name of the source can be changed, along with the Enabled status.
Enabled - Select the Yes option to make the authentication source available for use as soon as it is added. Otherwise, select the No option to add the source to the list as temporarily disabled, so that you can fine-tune the source settings before making it available.
Specific Settings
Specific settings for each of the various types of external authentication sources can be found in their own documents in this section.