Identity Management in Quercus. CampusIT_QUERCUS


Identity Management in Quercus
Student Interaction. Simplified
CampusIT_QUERCUS

Document information

Document version: 1.0
Document title: Identity Management in Quercus

Copyright

All rights reserved. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, recording, photocopying or otherwise outside of CampusIT Limited and without the prior permission of CampusIT Limited.

Table of Contents

What is identity management?
The importance of identity: why Quercus needs identity management
User privilege
User association
Summary: why your identity is important
How identity is established
What is an IDM?
Identity Management System components
LDAP
LDAP entries
LDAP groups
Directory structure
Distinguished Names (DN)
Other names
Example
LDAP implementations supported in Quercus
The CampusIT Embedded option
External LDAP system or the CampusIT Embedded option?
Benefits of an external IDM (Identity Management System)
Drawbacks of an external IDM (Identity Management System)
External versus CampusIT Embedded
How Quercus uses the IDM
Configuring LDAP in Quercus
Integrating with an external LDAP server
LDAP parameters
List of LDAP parameters
Binding to LDAP
Explanation of LDAP parameters
Establishing the LDAP connection
Binding to LDAP
Note
Summary of steps
Example: Establishing the LDAP connection to a Microsoft Active Directory server
Note
Connect to the server and test the connection
Identify the Admin User in Quercus
Check the Admin User can authenticate to the LDAP server from Quercus
Enable SSL communication if required
Specify the location of the Oracle LDAP Wallet
Import the domain certificate into the Wallet
Specify the location of the LDAP user base
Link Quercus accounts with Active Directory LDAP accounts
Example of a user account
User Names
Set up LDAP groups
Test the installation
CampusIT Embedded
What is CampusIT Embedded?
Implementation details
APIs
Database tables
Passwords
Using CampusIT Embedded
Migration from CampusIT Embedded to an external IDM
Index

1 What is identity management?

1.1 The importance of identity: why Quercus needs identity management

Hey John. Don't I know your face, are ye Paddy Reilly or Brendan Grace, Are ye Mary Black or Freddie White? says he.
Christy Moore, Welcome to the Cabaret

In order to function correctly, Quercus needs to know the identity of someone who wishes to use a particular service. By identity we simply mean who you are: are you John Anonymous, Mary Black, Freddie White or Christy Moore?

Your identity is of critical importance because it provides the link to your user profile. Your user profile stores a range of information about you including your level of user privilege and your association with particular courses or organisations.

User privilege

Your level of user privilege determines what actions you can and cannot perform and what services you can and cannot access. For example, if you have applied for a particular course you will be able to view the progress of your application but you will not be able to download course materials. If you are registered on the course you will be able to download materials and communicate with your tutor. If you are the tutor for the course you can upload course materials and enter marks for your students. If you are a course administrator you can add and delete tutors and students from the course.

In Quercus, user privilege is controlled through your membership of LDAP groups. Membership of a specific LDAP group conveys various privileges to group members. So, if you are a member of the OAPL_APPLICATION LDAP group you can access service requests received through Case Manager services; if you are a member of the OAPL_SERVICE_ADMIN group you can set up and manage new student-facing Case Management services.

User association

Your association with particular courses (or organisations), in combination with the Quercus security model, determines which information you are allowed to access. So, if the person security model is implemented, then you will only be able to view applications for the courses for which you are a tutor.

Summary: why your identity is important

Your identity is important because it allows Quercus to make the necessary judgements about what you can and cannot do and what information you can and cannot see. Quercus can do this because your identity is linked to a user profile which establishes your membership of LDAP groups and your association with courses and organisations.

For more information see

1.2 How identity is established

Quercus can use its own methods to establish a user's identity or it can outsource this process to a third-party identity management system. In practice this means:

- In the scenario where you log in directly to Quercus, Quercus establishes your identity by checking your user name and password against an internal table of usernames and password hash-values.
  Note: for security reasons Quercus does not store actual passwords in the table. Only salt-protected one-way hash values are stored. This makes it impossible to retrieve the password a user is using whilst still enabling the password to be validated.
- In other scenarios (which are described below) Quercus hands over the task of identity verification to an external identity management system.

1.3 What is an IDM?

An Identity Management System or IDM is an application which centralises the authentication of users in situations where users need to access multiple applications within a corporate environment. Instead of each system having its own database of users, the individual systems make use of a central user database.

2 Identity Management System components

An identity management system is constructed from a number of components which can be deployed in various ways. The most commonly used components are described below.

| Component | Description |
| --- | --- |
| Service provider | A service provider is a system which provides a service to the end-user. Quercus is a service provider in this sense. |
| Identity provider | An identity provider is a system which can confirm the credentials of an authenticated user in response to a request from a service provider. |
| LDAP server | Identity providers often take the form of LDAP servers. LDAP (Lightweight Directory Access Protocol) provides a standard set of methods for referencing, storing and retrieving user profile information. LDAP databases can be thought of as large-scale dictionaries optimised for fast lookup of user profiles. What constitutes profile information can vary from organisation to organisation but generally includes name, contact details, organisation and role plus the membership of specific user groups known as LDAP groups. |
| SSO (Single sign on) | SSO allows a user to log in once in order to gain access to all enterprise systems. Users enter their user IDs and passwords for one system and they are authenticated and signed in to all other systems which they are authorised to access. From the end-user's perspective SSO provides the main visible benefit of a centralised IDM: just one log-in gives you access to all the enterprise systems you need. |
| Shibboleth | Shibboleth is a widely used open source platform which can be used to enable the single-sign-on functionality and allow the sharing of user information between systems. Shibboleth is basically a set of server-side technological components which orchestrates the communication between an IDM LDAP server and the various systems which are in use. Once you sign into a participating Shibboleth system you are authenticated to all other participating systems, allowing you to navigate seamlessly from one system to another. |
| SAML | The messages which Shibboleth passes between systems are encoded using SAML (Security Assertion Markup Language). SAML provides a standard way of representing the authentication and authorisation messages which are passed between the identity provider (the LDAP server) and the service providers (of which Quercus is an example). |

3 LDAP

3.1 LDAP entries

An LDAP directory holds the records of many users. The record of an individual user is known as an entry. Each entry is associated with a collection of attributes. An attribute has a name and one or more values. Each LDAP directory has its own set of allowed attributes. These are defined in a schema. Typically attributes will be grouped into families such as general user details, address details, application accounts and so on. A typical list of attributes is shown below.

| Attribute | Description |
| --- | --- |
| cn | Name |
| c | Business country |
| department | Business department |
| givenname | First name |
| homephone | Home phone number |
| homepostaladdress | Home postal address |
| info | Notes |
| initials | Initials |
| l | Business city |
| mail | Email address |
| mobile | Home cellphone number |
| organizationname | Company name |
| otherfacsimiletelephonenumber | Home fax number |
| otherpager | Business pager number |
| physicaldeliveryofficename | Location of office at work |
| postaladdress | Business postal address |
| postalcode | Business postal code |
| sn | Last Name |
| st | Business state/province |
| telephonenumber | Business phone number |
| title | Job title |
| url | Business web page |

3.2 LDAP groups

In addition to storing user profile information, LDAP servers often store information about user groups. These groups are simply named entities. They are known as LDAP groups. The LDAP server does not use the groups for any purpose; it simply maintains the groups. The meaning of the groups is determined by the various systems which use the IDM, and the links between users and LDAP groups are held in these systems.

3.3 Directory structure

LDAP directories have a tree structure similar to the folder structure of a computer's operating system. So entries can be subdivided to reflect the structure of the organisation. Specific operations can be allowed or disallowed for particular branches of the tree.

3.4 Distinguished Names (DN)

Each LDAP directory entry has a unique identifier known as a Distinguished Name (DN). A DN specifies the position of an entry in the directory and is similar, conceptually, to using a filepath as a unique resource identifier on a computer. A DN is written left (most specific) to right (least specific) and looks something like this:

    DN: uid=fwhite,ou=staff,dc=campusit,dc=org

However, because a DN may change when entries are moved within the tree structure, a user will also be uniquely identified (e.g. by the samaccountname or the userprincipalname) in a way that provides a pointer to the user record that is independent of the DN.

3.5 Other names

Within the LDAP structure there are several other conventionally used abbreviations:

- CN = Common Name
- OU = Organizational Unit
- DC = Domain Component

3.6 Example

So, combining the various names and attributes, the record of a typical user might look something like this:

    dn: cn=Freddie White,dc=campusit,dc=org
    cn: Freddie White
    givenname: Freddie
    sn: White
    telephonenumber:
    mail:
    manager: cn=Mary Black,dc=campusit,dc=org
    objectclass: inetorgperson
    objectclass: organizationalperson
    objectclass: person
    objectclass: top

3.7 LDAP implementations supported in Quercus

Quercus supports the following LDAP implementations:

- Apache Directory Server
- Microsoft Active Directory
- Novell eDirectory
- OpenLDAP
- Oracle Internet Directory

3.8 The CampusIT Embedded option

In addition, Quercus has its own IDM-equivalent option known as CampusIT Embedded. CampusIT Embedded provides you with an alternative identity management solution if you do not want Quercus to be integrated with an external IDM. CampusIT Embedded allows you to set up and maintain LDAP users and LDAP groups in the same way that an external LDAP solution would, except that its use is confined to Quercus. CampusIT Embedded allows you to run Quercus as a totally standalone system without dependency on any external LDAP server.

3.9 External LDAP system or the CampusIT Embedded option?

Given that you have a choice between using an external LDAP option or the CampusIT Embedded option, which should you use?

Benefits of an external IDM (Identity Management System)

If an institution's users regularly need to switch between applications supplied by different vendors it may result in the need to memorise a different login and password combination for each system. This requirement may confuse users, resulting in regular loss of passwords and imposing a corresponding load on support staff. In addition, a centralised IDM removes the need to maintain the same data in several different systems, reducing data redundancy and increasing data quality.

Drawbacks of an external IDM (Identity Management System)

Centralised IDMs may be complicated to maintain as they introduce additional requirements for secure data transport and communication between systems. In addition, a central IDM may introduce a single point of failure for all enterprise systems should the IDM become unavailable.

3.10 External versus CampusIT Embedded

Before making the decision to delegate Quercus authentication to a centralised IDM, you will need to work out where the balance lies between the advantages and disadvantages listed above.

| Factors favouring an external IDM | Factors favouring the use of CampusIT Embedded |
| --- | --- |
| A typical user needs to access multiple enterprise systems | Users tend to be associated with specific systems |
| User's level of privilege for each individual system is based upon common criteria (for example membership of a specific division or office, role, seniority, location, etc.) | User's level of privilege for each individual system is specific to the operation of the system in question (e.g. power user, content creator) |
| Users find it difficult to manage multiple logins and passwords | Users are capable of managing multiple passwords and logins |
| High volume of user profile data stored. Many of the systems require access to the same nodes within this data set. | Low volume of user profile data stored. |
| Reliable established messaging infrastructure allowing data transport between IDM and enterprise systems | Messaging system infrastructure unreliable |
| High availability of IDM can be guaranteed | High availability of IDM cannot be guaranteed |
| Good understanding within the enterprise of IDM functionality distributed across the technical team | Poor understanding within the enterprise of IDM functionality or understanding confined to a small number of individuals |

4 How Quercus uses the IDM

| Task in Quercus | External | CampusIT Embedded |
| --- | --- | --- |
| Authenticate user (login) | Quercus sends user name and password entered by user to LDAP server for verification. It retrieves unique user ID to match username with the user record in the Quercus database. | User name and password is validated against data stored in a Quercus table. |
| Authorize user | Quercus sends query to LDAP server to find out if user is member of a particular group. | Quercus queries a local table to find out if user is member of a particular group. |
| Provision a new account | Quercus sends a request to the LDAP server to create a new user account. Link between user account in LDAP and user record in Quercus is established via unique user id. | User account is provisioned directly in the Quercus table. |
| Reset or change user password (Note 1) | Quercus sends a request to the LDAP server to reset a user password. | Password is changed directly in the Quercus table. |
| Change user permissions (Note 2) | Quercus sends a request to the LDAP server to add or remove user from a specific LDAP group. | User is added or removed from a group in the Quercus table. |

Note 1: This feature is optional. For example, in a situation where a customer already has a global forgotten password service there would be no need to make use of it.

Note 2: This feature is optional. For example, in a situation where a customer is using native LDAP tools exclusively there would be no need to make use of it.

5 Configuring LDAP in Quercus

5.1 Integrating with an external LDAP server

Quercus can be integrated with any of the five supported external LDAP implementations (Apache Directory Server, Microsoft Active Directory, Novell eDirectory, OpenLDAP and Oracle Internet Directory) by setting the appropriate parameter values in the Control Centre.

5.2 LDAP parameters

Quercus's LDAP configuration is maintained by setting LDAP parameter values through the Control Centre.

Note: you must have the correct administrator-level permissions in order to access Control Centre and set the parameter values.

To locate LDAP parameters

1 Log in to Assessments with administrator permissions and select Control Centre Set-Up.
2 Select Parameters.
3 Set the Namespace to Quercus System and the Group to Ldap and click Search.

To edit an LDAP parameter

1 Choose the parameter associated with the field you want to change and click the corresponding edit icon. The Edit Parameter screen opens.
2 Change the Value to the desired setting and click Save.

List of LDAP parameters

The LDAP parameters are listed in the table below. For a more detailed explanation of the parameters see Explanation of LDAP parameters, p.14. For examples of how the parameters are set in a real configuration scenario see Example: Establishing the LDAP connection to a Microsoft Active Directory server, p.20.

| Parameter | Description | Namespace | Value |
| --- | --- | --- | --- |
| LDAP_ADMIN_PASSWORD | LDAP Admin Password | Quercus System | password |
| LDAP_ADMIN_USER_NAME | LDAP Admin User Name | Quercus System | DN, e.g. cn=orcladmin,cn=users,dc=campusit,dc=net |
| LDAP_GROUP_BASE | LDAP Group Base | Quercus System | DN, e.g. cn=demo,cn=groups,dc=campusit,dc=net |
| LDAP_NEW_USER_BASE | LDAP New User Base | Quercus System | DN of location on LDAP server where Quercus users created through the online application process are stored. |
| LDAP_PASSWORD_REMINDER | LDAP Password Reminder | Quercus System | TRUE or FALSE |
| LDAP_SERVER | LDAP Server Type | Quercus System | Apache Directory Server, CampusIT Embedded, Microsoft Active Directory, Novell eDirectory, OpenLDAP or Oracle Internet Directory |
| LDAP_SERVER_HOST | LDAP Server Hostname | Quercus System | IP address or hostname of the LDAP server |
| LDAP_SERVER_PORT | LDAP Server Port | Quercus System | Port on server. Common values are 389 or 636, default is 389. |
| LDAP_USER_BASE | LDAP User Base | Quercus System | e.g. cn=demo,cn=users,dc=campusit,dc=net |

| Parameter | Description | Namespace | Value |
| --- | --- | --- | --- |
| LDAP_USER_ID_NUMBER | LDAP User ID Number | Quercus System | an employee number |
| LDAP_WALLET | LDAP Wallet | Quercus System | filepath of the location of the Oracle LDAP Wallet on the Quercus database server. |
| LDAP_WALLET_PASSWORD | LDAP Wallet Password | Quercus System | password |
| MSAD.LDAP_USER_NAME | MSAD User Name Attribute | Quercus System | legacy logon name |
| PERSON_LDAP_MERGE | Person LDAP Merge | Quercus Global | TRUE or FALSE |

5.4 Binding to LDAP

The process of establishing a connection to the LDAP server is known as binding. When we talk about linking Quercus to an LDAP server we refer to it as an LDAP bind.

5.5 Explanation of LDAP parameters

The following Control Centre parameters provide support for LDAP functions. For examples of how the parameters are set in a real configuration scenario see Example: Establishing the LDAP connection to a Microsoft Active Directory server, p.20.

LDAP_ADMIN_PASSWORD

Purpose: Stores the LDAP server password for the defined admin user.

LDAP_ADMIN_USER_NAME

Purpose: Specifies where the LDAP admin user is located within the LDAP directory structure.

Note: the specified user does not have to be an actual admin-level user; a user with sufficient access privileges to perform the lookups is sufficient for authentication and authorization. However, user account provisioning and management will require additional system privileges.

In the example below cn=orcladmin is the lowest level node, dc=net the highest. A fragment of a corresponding structure from an LDAP server is shown below.

Example: cn=orcladmin,cn=users,dc=campusit-int,dc=net

You can leave this field blank when the LDAP server doesn't require authentication.

LDAP_GROUP_BASE

Purpose: Specifies where the various LDAP groups (e.g. QP_STUDENT_EDIT, HESA_ADMIN) are located within the LDAP directory structure. If you create a new LDAP group, it will be located in the lowest level node of this path (in the example below, cn=groups).

Example: cn=groups,dc=campusit-int,dc=net

In the above example cn=groups is the lowest level node, dc=net the highest. When the application searches for a group, it will only search in (and below) the path specified by this parameter. An example of a group node from an LDAP server is shown below:

LDAP_NEW_USER_BASE

A location in the directory structure where Quercus users created through the online application process are stored (allowing these users to be kept separate from long-term staff and student users). Not all institutions will use this option.

Note: this parameter is optional. When this parameter is left empty (default) new user accounts are created (provisioned) under the LDAP_USER_BASE.

LDAP_PASSWORD_REMINDER

If set to True, when users create new accounts through the Apply Online and Booking services they will be asked to select a password reminder question and answer. The users will be required to answer the security question as an additional security measure during the password reset process. If set to False, the security question is not captured and is not required during password reset.

LDAP_SERVER

Set this to the type of LDAP server with which you are communicating. The options are:

- Apache Directory Server
- CampusIT Embedded
- Microsoft Active Directory
- Novell eDirectory
- OpenLDAP
- Oracle Internet Directory

LDAP_SERVER_HOST

Purpose: Specifies the address of the LDAP server.

Format: URL or IP address.

LDAP_SERVER_PORT

Purpose: Specifies the port on which the LDAP server is communicating.

Format: Common values are 389 or 636, default is 389.

LDAP_USER_BASE

Purpose: Specifies where, in the LDAP directory structure, the users are located. When the server receives an authentication request from Quercus the entry-search will be confined to this branch of the directory and any branches below it. For example:

If you create a new LDAP user, the record will be located in the lowest level node of this path (in the example below, cn=qdoc).

Example: cn=qdoc,cn=users,dc=campusit-int,dc=net

In the above example cn=qdoc is the lowest level node, dc=net the highest. When the application searches for a user, it will only search in (and below) the path specified by this parameter. An example of a user from an LDAP server is shown below.

LDAP_USER_ID_NUMBER

Purpose: Specifies the name of the LDAP property which links the LDAP user profile with the PERSON_LDAP.LDAP_ID field in Quercus Menu (see below).

Quercus Menu applications and services which utilise LDAP lookups must be able to link an LDAP user record with records for the same user within the Quercus Menu database.

This is done using the LDAP_USER_ID_NUMBER parameter.

Example: employeenumber

LDAP_WALLET

Purpose: Specifies the location of the Oracle LDAP Wallet. The Oracle LDAP Wallet is a resource which stores the database's authentication credentials, such as security certificates.

Format: Path to the Wallet. If entered, the value must begin with file:
Leave blank when SSL communication is not required.

Example: file:d:\wallet

LDAP_WALLET_PASSWORD

Purpose: Stores the password to the Oracle LDAP Wallet.

MSAD.LDAP_USER_NAME

In Microsoft Active Directory you can hold the user name in either the samaccountname or the userprincipalname fields. The MSAD.LDAP_USER_NAME parameter allows you to specify which field you are using. We recommend using the userprincipalname rather than the samaccountname.

PERSON_LDAP_MERGE

Quercus has the capability to merge duplicate person (student) records. When this parameter is enabled, associated user accounts are merged as well. This is done by deleting one user account from the LDAP server and updating the other. Depending on how accounts are provisioned within an institution this automation may not be desirable. When automated merging of user accounts is disabled Quercus will leave both user accounts intact. However, one account will no longer be linked to an existing person record in Quercus and should be removed by other processes.
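The parameter rules stated in this guide (supported server types, the file: prefix on LDAP_WALLET, clear-text mode when the wallet is empty, mandatory SSL for Active Directory, the userprincipalname recommendation) can be checked before a bind is attempted. The following is an added example, not CampusIT code: the function name, severity labels and sample values are constructed, and the rule set is one reading of this document.

```python
# Added example: lint a dictionary of Quercus LDAP parameter values.
# Severities and messages are this example's own; the rules come from the guide.

SERVER_TYPES = {
    "apache directory server", "campusit embedded", "microsoft active directory",
    "novell edirectory", "openldap", "oracle internet directory",
}
AD = "microsoft active directory"


def lint_ldap_parameters(params):
    """Return a list of (severity, parameter, message) findings."""
    findings = []

    def value(name):
        return (params.get(name) or "").strip()

    def add(severity, name, message):
        findings.append((severity, name, message))

    server = value("LDAP_SERVER").casefold()
    if server not in SERVER_TYPES:
        add("error", "LDAP_SERVER", "not one of the six listed server types")
        return findings
    if server == "campusit embedded":
        return findings  # identities live in Quercus tables; nothing to bind to

    if not value("LDAP_SERVER_HOST"):
        add("error", "LDAP_SERVER_HOST", "no host name or IP address set")
    port_text = value("LDAP_SERVER_PORT") or "389"  # 389 is the stated default
    port = int(port_text) if port_text.isdigit() else None
    if port is None or not 0 < port < 65536:
        add("error", "LDAP_SERVER_PORT", "not a valid TCP port")

    wallet = value("LDAP_WALLET")
    if wallet:
        if not wallet.startswith("file:"):
            add("error", "LDAP_WALLET", "value must begin with 'file:'")
        if not value("LDAP_WALLET_PASSWORD"):
            add("error", "LDAP_WALLET_PASSWORD", "wallet set without a password")
        if port == 389:
            add("warning", "LDAP_SERVER_PORT",
                "wallet set but port is 389; the default SSL port is 636")
    else:
        # An empty wallet puts the connection in non-SSL (clear-text) mode.
        if server == AD:
            add("error", "LDAP_WALLET",
                "clear-text mode, but SSL is mandatory for Active Directory")
        else:
            add("warning", "LDAP_WALLET",
                "clear-text mode: user names and passwords cross the network")
        if port == 636:
            add("warning", "LDAP_SERVER_PORT",
                "port 636 is the default SSL port but no wallet is set")

    admin, password = value("LDAP_ADMIN_USER_NAME"), value("LDAP_ADMIN_PASSWORD")
    if admin and not password:
        add("error", "LDAP_ADMIN_PASSWORD", "admin DN set without a password")
    elif password and not admin:
        add("warning", "LDAP_ADMIN_USER_NAME", "password set but no admin DN")
    elif not admin:
        add("info", "LDAP_ADMIN_USER_NAME",
            "blank: valid only if the server requires no authentication")

    if server == AD and value("MSAD.LDAP_USER_NAME").casefold() == "samaccountname":
        add("warning", "MSAD.LDAP_USER_NAME",
            "userprincipalname is recommended over samaccountname")
    if value("PERSON_LDAP_MERGE").upper() == "TRUE":
        add("info", "PERSON_LDAP_MERGE",
            "person merges will delete one LDAP user account on the server")
    return findings


# Constructed sample: an Active Directory setup with the wallet left empty.
SAMPLE = {
    "LDAP_SERVER": "Microsoft Active Directory",
    "LDAP_SERVER_HOST": "ad.example.test",
    "LDAP_SERVER_PORT": "636",
    "LDAP_WALLET": "",
    "LDAP_ADMIN_USER_NAME": "cn=orcladmin,cn=users,dc=campusit,dc=net",
    "LDAP_ADMIN_PASSWORD": "constructed-placeholder",
    "MSAD.LDAP_USER_NAME": "samaccountname",
    "PERSON_LDAP_MERGE": "TRUE",
}

if __name__ == "__main__":
    for severity, name, message in lint_ldap_parameters(SAMPLE):
        print(f"{severity:8} {name:22} {message}")
```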

6 Establishing the LDAP connection

6.1 Binding to LDAP

The process of establishing a connection to the LDAP server is known as binding. When we talk about linking Quercus to an LDAP server we refer to it as an LDAP bind.

In order to establish an LDAP bind you will need to perform the following activities:

- connect to the LDAP server and test the connection
- specify the Admin User in Quercus
- check the Admin User can authenticate to the LDAP server from Quercus
- enable SSL communication if required
- specify the location of the LDAP user base
- link Quercus accounts with LDAP accounts
- set up LDAP Groups

The precise steps required to establish an LDAP connection to an external IDM will vary according to the LDAP server type to which you are connecting and your local Quercus environment. In the next chapter we provide a detailed example of how these activities are executed when connecting to a Microsoft Active Directory server.

6.2 Note

The execution procedures required to establish an LDAP connection to an external IDM will vary according to the LDAP server type to which you are connecting and your local Quercus environment.

6.3 Summary of steps

An outline of the steps is given below. The next chapter provides a detailed example of how these activities are executed when connecting to a Microsoft Active Directory server.

| Step | Objective | Summary |
| --- | --- | --- |
| 1 | Connect to the server and test the connection | The first step is to enter the connection parameters in Quercus and then test that the connection actually works by telnetting from the Quercus environment to the LDAP server. Note: The communication must be established from the Quercus database server environment. |
| 2 | Identify the Admin User in Quercus | If you wish to add users through services such as Apply Online you will require admin rights for writing to the LDAP directory. In order to perform the various read and write operations required in this scenario, Quercus must connect to the server as an admin user. To support this requirement you must enter details of the administrative user into Quercus. |
| 3 | Check the Admin User can authenticate to the LDAP server from Quercus | Once you have set up the admin user you should check that the user can authenticate to the LDAP server. You can use the Oracle SQL*Plus tool to perform this check. |
| 4 | Enable SSL communication if required | If you plan to encrypt communication using SSL, you must provide Quercus with the relevant domain certificate for the LDAP server. In the case of Active Directory, SSL mode is mandatory for all connections. Although it is not mandatory for other LDAP servers we recommend that it is used if at all possible. |

| Step | Objective | Summary |
| --- | --- | --- |
| 5 | Specify the location of the LDAP user base | Now you have fully operative SSL communication between Quercus and the LDAP server you can specify the location of the Quercus users within the LDAP directory. |
| 6 | Link Quercus accounts with Active Directory LDAP accounts | Next, you must establish the link between the users in the LDAP directory and the users in Quercus. So if a user authenticates using LDAP and is granted access to Quercus, Quercus knows who that user is. This link is maintained by using a field in the Quercus schema known as PERSON_LDAP.LDAP_ID. This field stores a unique LDAP identifier for each user which is compared to a corresponding unique identifier in the LDAP directory. Any suitable field holding a unique identifier can be used as the join field in the LDAP directory. For this reason it is necessary to specify which field is being used as the join using the LDAP_USER_ID_NUMBER parameter. |
| 7 | Set up LDAP Groups | You have now established the user base and how Quercus users are joined to the LDAP server. At this stage student users can log into Quercus Gateway providing they are enrolled on a course instance. Back-end staff, however, must be members of LDAP groups for authorisation purposes. For this reason the Quercus LDAP groups must be set up on the LDAP server before staff members can authenticate and be authorised. The groups are defined by Quercus and they need to be stored in a location in the LDAP directory. |
| 8 | Test the installation | You have now completed all the steps in the LDAP set-up procedure. You can now begin testing the installation. |

7 Example: Establishing the LDAP connection to a Microsoft Active Directory server

7.1 Note

The precise steps required to establish an LDAP connection to an external IDM will vary according to the LDAP server type to which you are connecting and your local Quercus environment. This chapter provides a detailed example of how these activities are executed when connecting to a Microsoft Active Directory server.

7.2 Connect to the server and test the connection

The first step is to enter the connection parameters in Quercus and then test that the connection actually works by telnetting from the Quercus environment to the LDAP server.

Note: The communication must be established from the Quercus database server environment.

1 Set the server type using the LDAP_SERVER parameter in Quercus.

2 Enter the address of the server using the LDAP_SERVER_HOST parameter. Enter a fully qualified name, the shortened name, or the IP address.
3 Enter the default port number. Note: the default SSL port is 636.
4 Test your connection to the server. In the example below we are sending the ping command from the database server (using PuTTY) to test the connection.
5 Once you have pinged the database server, telnet to the LDAP server to check that you can communicate from the database server to the Active Directory host.

Note: Many servers are configured not to respond to ping, so a ping failure is not conclusive proof that the connection has not been established. For this reason you should attempt the telnet connection even if the ping has failed. When establishing a telnet connection you will need to specify the port (the default telnet port 22 will not work). In the screenshot below port 389 is used first to establish an open, unencrypted connection, followed by an encrypted connection over port 636.

Note: It is important you test your connections in the manner shown above before moving on to set up the LDAP bind.

Now that you have established communication, you will need to authenticate as an admin user to the Active Directory.

7.3 Identify the Admin User in Quercus

If you wish to add users through services such as Apply Online you will require admin rights for writing to the LDAP directory. In order to perform the various read and write operations required in this scenario, Quercus must connect to the server as an admin user. To support this requirement you must enter details of the administrative user into Quercus.

1 Create, in Active Directory, an admin user who will be identified in Quercus and will act as the broker for all activities involving communication between the two applications. This administrative user will have the necessary authorisation level to create, read, update and delete (CRUD) user records and LDAP groups within the Active Directories. This user can be located anywhere in the Active Directory.

2 Enter details of the user into the LDAP_ADMIN_USER_NAME parameter in Quercus. Enter the distinguished name (DN) of the user.

3 Enter the admin password into the LDAP_ADMIN_PASSWORD parameter.

7.4 Check the Admin User can authenticate to the LDAP server from Quercus

Once you have set up the admin user you should check that the user can authenticate to the LDAP server. You can use the Oracle SQL*Plus tool to perform this check.

1 Set serveroutput to on and then execute the oc_ldap.ping command. If successful, you should receive connection and authentication confirmation messages.

7.5 Enable SSL communication if required

If you plan to encrypt communication using SSL, you must provide Quercus with the relevant domain certificate for the LDAP server. In the case of Active Directory, SSL mode is mandatory for all connections. Although it is not mandatory for other LDAP servers, we recommend that it is used if at all possible.

7.5.1 Specify the location of the Oracle LDAP Wallet

1 To turn SSL on, specify the location of the Oracle LDAP Wallet. The Wallet is simply a named directory on the Quercus server in which certificates are stored. See for more information.

2 You must also enter the Wallet password.

7.5.2 Import the domain certificate into the Wallet

1 Locate the domain certificate for the LDAP server and import the certificate. See

Importing the certificate into the wallet automatically establishes SSL communication between the two servers. If the wallet parameter is not filled in, the system will operate in non-SSL (clear-text) mode.

7.6 Specify the location of the LDAP user base

Now that you have fully operative SSL communication between Quercus and the LDAP server, you can specify the location of the Quercus users within the LDAP directory.

1 To specify the user location enter the DN of the user base as the value of the LDAP_USER_BASE parameter.

Important: If users are spread across different directories you must specify the common root for all the directories.

7.7 Link Quercus accounts with Active Directory LDAP accounts

Next, you must establish the link between the users in Active Directory and the users in Quercus, so that if a user authenticates using Active Directory and is granted access to Quercus, Quercus knows who that user is. This link is maintained by using a field in the Quercus schema known as PERSON_LDAP.LDAP_ID. This field stores a unique LDAP identifier for each user, which is compared to a corresponding unique identifier in the Active Directory. Any suitable field holding a unique identifier can be used as the join field in Active Directory. For this reason it is necessary to specify which field is being used as the join using the LDAP_USER_ID_NUMBER parameter.

1 To identify the join field, enter its name in the LDAP_USER_ID_NUMBER parameter. In the example below the cn (common name) field is used as the join.

You can check the value of this field in Active Directory for any given user by using a tool such as Softerra LDAP Browser. In the example below the admin user's cn (highlighted) is admin:

Once you have completed this step users should be able to log in.

Note: a user can only log into Quercus if he or she has a corresponding person account in Quercus.

Note: the admin user does not need a person account in Quercus.

Example of a user account

The screenshot shows the user record of James Gilbert in Quercus.

The screenshot below shows the same user record on the Active Directory server. Note the join field: the cn in Active Directory, the LDAP ID in Quercus.

User Names

Note that in Active Directory you can hold the user name in either the samaccountname or the userprincipalname fields. You specify which name corresponds to the Quercus user ID via the MSAD.LDAP_USER_NAME parameter. We recommend using the userprincipalname rather than the samaccountname.

7.8 Set up LDAP groups

You have now established the user base and how Quercus users are joined to the LDAP server. At this stage student users can log into Quercus Gateway providing they are enrolled on a course instance. Back-end staff, however, must be members of LDAP groups for authorisation purposes. For this reason the Quercus LDAP groups must be set up on the Active Directory server before staff members can authenticate and be authorised. The groups are defined by Quercus and they need to be stored in a location in the Active Directory.

1 To identify the location of the groups, enter the group DN as the LDAP_GROUP_BASE parameter.

The groups referenced in the DN above are shown below in the Active Directory.
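Sections 7.6 and 7.7 depend on the join field being unique across everything under the user base. In Active Directory a cn is only required to be unique within its parent container, so a common root that spans several OUs can hold two accounts with the same cn. The check below is an added example, not CampusIT code: the LDIF export, base DN and LDAP_ID values are constructed, and it assumes values are compared case-insensitively, which the guide does not state for Quercus.

```python
"""Audit the join attribute before linking Quercus accounts to the directory.

Added example, not CampusIT code. SAMPLE_LDIF, USER_BASE and QUERCUS_LDAP_IDS
are constructed sample data with hypothetical names.
"""
import base64
from collections import defaultdict

USER_BASE = "OU=Quercus,DC=example,DC=edu"           # stands in for LDAP_USER_BASE
QUERCUS_LDAP_IDS = ["jgilbert", "asmith", "mbrown"]  # stands in for PERSON_LDAP.LDAP_ID

# Constructed LDIF export; the third cn is base64-encoded ("ASmith").
SAMPLE_LDIF = """\
version: 1

dn: CN=jgilbert,OU=Students,OU=Quercus,DC=example,DC=edu
cn: jgilbert
employeeID: 1001

dn: CN=asmith,OU=Students,OU=Quercus,DC=example,DC=edu
cn: asmith
employeeID: 1002

dn: CN=ASmith,OU=Staff,OU=Quercus,DC=example,DC=edu
cn:: QVNtaXRo
employeeID: 2001

dn: CN=kiosk,OU=Staff,OU=Quercus,DC=example,DC=edu
cn: kiosk

dn: CN=contractor,OU=External,DC=example,DC=edu
cn: contractor
employeeID: 3001
"""


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attr_lower: [values]}) tuples."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs[name.lower()].append(value)
    return entries


def under_base(dn, base):
    """True when dn is the base or below it (simple case-insensitive suffix test)."""
    d, b = dn.replace(", ", ",").lower(), base.replace(", ", ",").lower()
    return d == b or d.endswith("," + b)


def audit_join(entries, join_attr, user_base, quercus_ldap_ids):
    """Report entries that would make the Quercus-to-directory link ambiguous."""
    by_value = defaultdict(list)
    report = {"outside_base": [], "missing": [], "duplicates": {},
              "unmatched_quercus": []}
    for dn, attrs in entries:
        if not under_base(dn, user_base):
            report["outside_base"].append(dn)   # not visible to a search from the base
            continue
        values = attrs.get(join_attr.lower(), [])
        if not values:
            report["missing"].append(dn)        # account can never be joined
        for value in values:
            by_value[value.strip().lower()].append(dn)
    report["duplicates"] = {v: dns for v, dns in by_value.items() if len(dns) > 1}
    report["unmatched_quercus"] = [
        i for i in quercus_ldap_ids if i.strip().lower() not in by_value]
    return report


if __name__ == "__main__":
    found = audit_join(parse_ldif(SAMPLE_LDIF), "cn", USER_BASE, QUERCUS_LDAP_IDS)
    for key, value in found.items():
        print(key, "->", value)
```

Any entry under `duplicates` should be resolved, or a different join field chosen, before users are allowed to log in.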


More information

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

DIGIPASS Authentication for Citrix Access Gateway VPN Connections DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer

More information

Central Security Server

Central Security Server Central Security Server Installation and Administration Guide Release 12.3 Please direct questions about {Compuware Product} or comments on this document to: Customer Support https://community.compuwareapm.com/community/display/support

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

The following gives an overview of LDAP from a user's perspective.

The following gives an overview of LDAP from a user's perspective. LDAP stands for Lightweight Directory Access Protocol, which is a client-server protocol for accessing a directory service. LDAP is a directory service protocol that runs over TCP/IP. The nitty-gritty

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management Problem: The employees of a global enterprise often need to telework. When a sales representative

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

1 Introduction. Windows Server & Client and Active Directory. www.exacq.com

1 Introduction. Windows Server & Client and Active Directory. www.exacq.com Windows Server & Client and Active Directory 1 Introduction For an organization using Active Directory (AD) for user management of information technology services, integrating exacqvision into the AD infrastructure

More information

Avatier Identity Management Suite

Avatier Identity Management Suite Avatier Identity Management Suite Migrating AIMS Configuration and Audit Log Data To Microsoft SQL Server Version 9 2603 Camino Ramon Suite 110 San Ramon, CA 94583 Phone: 800-609-8610 925-217-5170 FAX:

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Interworks. Interworks Cloud Platform Installation Guide

Interworks. Interworks Cloud Platform Installation Guide Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Technical Overview. Active Directory Synchronization

Technical Overview. Active Directory Synchronization Technical Overview Document Revision: March 15, 2010 AD Sync Technical Overview Page 2 of 7 Description of (AD Sync) is a utility that performs a one way synchronization from a customer s Active Directory

More information

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer)

More information