Address Manager includes a fully-featured authentication subsystem. An Address Manager administrator uses this system to securely log in to Address Manager and administer the system when it's being configured.
Address Manager also supports mixed-mode authentication through RADIUS, LDAP, Microsoft Active Directory, and Kerberos. Support for RSA Secure ID is accomplished through the RADIUS authentication module.
The necessary settings must be in place before Address Manager can pass authentication information to these remote systems. Also, the authentication method must be associated with an Address Manager user. To do so, create an authenticator and assign it to a user.
Authenticators are system objects that represent a connection to an external authentication system. The use of that system’s native safeguards applies for communication between it and Address Manager. Address Manager acts as a proxy client for the authentication system, validating the identity of an Address Manager user without managing or validating the user’s password or credentials.
Many organizations centralize control over internal digital identities. In such scenarios, suspending or revoking credentials and password management are tightly controlled. Address Manager is designed to be deployed within all major network authentication frameworks. This lets Address Manager assist with enforcing network standards, rather than requiring a circumvention.
A user may be assigned several authenticators. These are used in order of primary-secondary.