Adding external authenticators - BlueCat Integrity - 26.1.0

Address Manager Administration Guide

Product name: BlueCat Integrity
Version: 26.1.0

Address Manager includes a fully featured authentication subsystem, and supports mixed-mode authentication through Kerberos, LDAP, Microsoft Active Directory, or RADIUS. Support for RSA SecurID is accomplished through the RADIUS authentication module.

Before Address Manager can exchange authentication information with a remote system, the authenticator must be defined and associated with an Address Manager user. For instructions on how to assign an authenticator to a user, refer to User groups.

Authenticators are a type of system object that represents a connection to an external authentication system. That system’s native safeguards apply for communications between it and Address Manager. Address Manager acts as a proxy client for the authentication system, validating the identity of an Address Manager user without managing or validating the user’s password or credentials. After the external authenticator validates the user, Address Manager considers the user valid until the session closes or times out.
Note: External authentication is not a substitute for Address Manager user management. Authenticators merely shift the responsibility of validating credentials to another system.

You can add more than one authenticator to a user, so that a secondary authenticator can be used if the primary authenticator isn't available. Authenticators can be tested to confirm that Address Manager can communicate with the external service.

The Authenticators page lets you add external authenticators to the Address Manager system.

Note: IPv6 authentication should function as designed where the FQDN points to a resolvable AAAA resource record and the authentication system fully supports IPv6. However, all testing and validation of these IPv6 authentication solutions must still be performed, and these solutions are not supported at this time. No IP address configuration options support IPv6 addresses at this time; they must use IPv4 addresses only.

To add an external authenticator:

  1. Select the Settings tab in the sidebar.
  2. Under System security, select Authenticators.
  3. Select New, then select from the following authenticators. Refer to the associated topics for authenticator-specific field information.
     Note:
       • When you create an authenticator for Microsoft Active Directory, select LDAP or Kerberos. If you intend to use an LDAP User Group, you should select LDAP; otherwise, select Kerberos. For more information on LDAP User Groups, refer to Adding LDAP user groups.
       • If creating an RSA SecurID authenticator, select Radius.
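
A pre-entry check for the selection rules in step 3 and the IPv4-only constraint in the IPv6 note, as an added example that is not BlueCat code: it picks the authenticator type for each external system and rejects IPv6 literals as server addresses. The plan layout, its field names and the function names are assumptions of this example, and it performs no DNS lookup, so a host name that resolves only through an AAAA record still needs separate testing.

```python
import ipaddress
import re
DNS_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
TYPES = {"kerberos": "Kerberos", "ldap": "LDAP", "radius": "RADIUS", "rsa securid": "RADIUS"}

def authenticator_type(system, ldap_user_groups=False):
    """Return the authenticator type to select for an external system."""
    key = system.strip().lower()
    if key == "active directory":  # LDAP only when LDAP user groups are needed
        key = "ldap" if ldap_user_groups else "kerberos"
    if key not in TYPES:
        raise ValueError(f"no authenticator type for {system!r}")
    return TYPES[key]

def classify_server(value):
    """Return 'ipv4' or 'fqdn'; raise ValueError for IPv6 literals and junk."""
    text = value.strip()
    try:
        version = ipaddress.ip_address(text.strip("[]")).version
    except ValueError:
        version = None
    if version == 6:
        raise ValueError("IPv6 literal: IP address options accept IPv4 only")
    if version == 4:
        return "ipv4"
    labels = text.rstrip(".").split(".")
    # An all-numeric last label means a malformed IPv4 address, not a name.
    if all(DNS_LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return "fqdn"
    raise ValueError(f"not an IPv4 address or host name: {value!r}")

def review(plan):
    """Return (name, type, server kind, problem) for each planned authenticator."""
    rows = []
    for item in plan:
        try:
            kind = classify_server(item["server"])
            typ = authenticator_type(item["system"], item.get("ldap_groups", False))
            rows.append((item["name"], typ, kind, None))
        except ValueError as exc:
            rows.append((item["name"], None, None, str(exc)))
    return rows

# Constructed sample plan: documentation addresses and example.com names.
PLAN = [
    {"name": "ad-groups", "system": "Active Directory", "ldap_groups": True, "server": "192.0.2.10"},
    {"name": "ad-sso", "system": "Active Directory", "server": "dc1.corp.example.com"},
    {"name": "securid", "system": "RSA SecurID", "server": "2001:db8::25"},
]
```

Calling `review(PLAN)` returns one row per entry; a row whose last field is not `None` names the value to correct before the authenticator is entered on the Authenticators page.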