Authenticators - BlueCat Integrity - 9.3.0

Address Manager API Guide

Locale
English
Product name
BlueCat Integrity
Version
9.3.0

Address Manager includes a fully-featured authentication subsystem. An Address Manager administrator uses this system to securely log in to Address Manager and administer the system when it's being configured.

Address Manager also supports mixed-mode authentication through RADIUS, LDAP, Microsoft Active Directory, and Kerberos. Support for RSA Secure ID is accomplished through the RADIUS authentication module.

The necessary settings must be in place before Address Manager can pass authentication information to these remote systems. Also, the authentication method must be associated with an Address Manager user. To do so, create an authenticator and assign it to a user.

Authenticators are system objects that represent a connection to an external authentication system. The use of that system’s native safeguards applies for communication between it and Address Manager. Address Manager acts as a proxy client for the authentication system, validating the identity of an Address Manager user without managing or validating the user’s password or credentials.

After the users are authenticated against the external system, they are considered to be validated in Address Manager until they close their sessions, or until it's invalidated by a session time-out.
Note: Authentication is not a substitute for Address Manager user management. To log into the system, you must still be an Address Manager user. Authenticators rather transfer the responsibility of validating credentials to another system.

Many organizations centralize control over internal digital identities. In such scenarios, suspending or revoking credentials and password management are tightly controlled. Address Manager is designed to be deployed within all major network authentication frameworks. This lets Address Manager assist with enforcing network standards, rather than requiring a circumvention.

A user may be assigned several authenticators. These are used in order of primary-secondary.