In MOVEit Transfer, an Authentication Source defines the external server (LDAP, RADIUS, or WS-Trust) used to look up user credentials. It lets you specify the settings for accessing that server and the settings applied to users who successfully authenticate to it. Each Authentication Source is listed on the Auth Method page of the User Policy settings section. The order of the sources in the table is the lookup order.
For more information on how External Authentication works, see Feature Focus - User Authentication.
Adding an Authentication Source
You add authentication sources from the Security Policy page (SETTINGS > Security Policies > User Auth > Auth Method - Set Authentication Method).
Guidelines for adding an authentication source:
Only Admin-level users (or above) can add/edit authentication sources.
To add an Authentication Source, you must first enable an authentication method that requires an external source. For example (from the Set Authentication Method panel):
External Source Settings
Source Name. The name that is used to identify this source. The name is listed in the authentication source list, and in each user's source affinity selection page.
Source Type. Type of authentication server:
LDAP (Lookup + Authentication) - Incoming usernames and passwords are tried against a remote LDAP server. If authentication is successful, a new user may be created on the fly as a clone of an existing template user. User attributes such as email address and group memberships are carried over from the LDAP server.
LDAP (Authentication Only) - Incoming usernames and passwords are tried against a remote LDAP server. If authentication is successful, a new user is created as a clone of an existing template user.
RADIUS (Authentication Only) - Incoming usernames and passwords are tried against a remote RADIUS server. If authentication is successful, a new user is created as a clone of an existing template user.
WS-Trust (Authentication Only) - Incoming usernames and passwords are tried against a remote WS-Trust server. If authentication is successful, a new user may be created as a clone of an existing template user.
LDAP Server Type (LDAP Only). Type of LDAP server that this authentication source queries. Based on this value, default settings are prefilled in several fields for the newly created authentication source, and configuration hints appropriate to the server type are displayed. Available server types: Microsoft Active Directory, Sun iPlanet, Novell eDirectory, and IBM Domino. If you select Other, no default settings or configuration hints are shown.
WS-Trust Identity Provider (WS-Trust Only). The WS-Trust server that this authentication source queries. In SAML terminology, the server is called an Identity Provider. You might have already set up an Identity Provider for the Single Signon feature. To configure a new identity provider, click Add New Federated Identity Provider. For more information, see User Authentication - Single Signon.
Note: If you have set up the Single Signon feature, use the same identity provider that you use for browser-based single signon. This enables users to use the same credentials for single signon through the browser (web interface), and username/password authentication through FTP and SSH clients.
Priority. Specifies the position of the new source in the current authentication source list. Options: Highest, Lowest, Middle.
After the new authentication source is added, a link appears at the top of the page. Click the link to go to the settings page for the new source.
Common Settings
The Edit Authentication Source Settings section is common to all authentication source types. Here, the friendly name of the source can be changed, along with the Enabled status.
Enabled - Select Yes to make the authentication source available for use as soon as it is added. Select No to add the source to the list in a temporarily disabled state, so you can fine-tune its settings before making it available.
Specific Settings
Specific settings for each of the various types of external authentication sources can be found in their own documents in this section.