Authenticating SMTP Sessions Using Client Certificates
|
|
|
- Dorothy Melton
- 8 years ago
- Views:
Transcription
1 Authenticating SMTP Sessions Using Client Certificates This chapter contains the following sections: Overview of Certificates and SMTP Authentication, page 1 Checking the Validity of a Client Certificate, page 3 Authenticating a User Using an LDAP Directory, page 4 Authenticating an SMTP Connection Over TLS Using a Client Certificate, page 5 Establishing a TLS Connection from the Appliance, page 5 Updating a List of Revoked Certificates, page 6 Overview of Certificates and SMTP Authentication The Security appliance supports the use of client certificates to authenticate SMTP sessions between the Security appliance and users mail clients. The Security appliance can request a client certificate from a user s mail client when the application attempts to connect to the appliance to send messages. When the appliance receives the client certificate, it verifies that the certificate is valid, has not expired, and has not been revoked. If the certificate is valid, the Security appliance allows an SMTP connection from the mail application over TLS. Organizations that require their users to use a Common Access Card (CAC) for their mail clients can use this feature to configure the Security appliance to request a certificate that the CAC and ActivClient middleware application will provide to the appliance. You can configure the Security appliance to require users to provide a certificate when sending mail, but still allow exceptions for certain users. For these users, you can configure the appliance to use the SMTP authentication LDAP query to authenticate the user. Users must configure their mail client to send messages through a secure connection (TLS) and accept a server certificate from the appliance. 1
2 How to Authenticate a User with a Client Certificate Authenticating SMTP Sessions Using Client Certificates How to Authenticate a User with a Client Certificate Table 1: How to Authenticate a User with a Client Certificate Do This Define a certificate query for your LDAP server. Create a certificate-based SMTP authentication profile. Configure a listener to use the certificate SMTP authentication profile. Modify the RELAYED mail flow policy to require TLS, a client certificate, and SMTP authentication. More Info Checking the Validity of a Client Certificate, on page 3 Authenticating an SMTP Connection Over TLS Using a Client Certificate, on page 5 Listening for Connection Requests by Creating a Listener Using Web Interface Establishing a TLS Connection from the Appliance, on page 5 How to Authenticate a User with an SMTP Authentication LDAP Query Table 2: How to Authenticate a User with an SMTP Authenticate LDAP Query Do This Define an SMTP authentication query for your server that uses an allowance query string and Bind for the authentication method. Create an LDAP-based SMTP authentication profile. Configure a listener to use the LDAP SMTP authentication profile. Modify the RELAYED mail flow policy to require TLS and SMTP authentication. More Info Authenticating a User Using an LDAP Directory, on page 4 Configuring AsyncOS for SMTP Authentication If the user is not allowed to use LDAP-based SMTP authentication for their connection, you can select whether the appliance rejects the connection or temporarily allows it while logging all activity. Establishing a TLS Connection from the Appliance, on page 5 2
3 Authenticating SMTP Sessions Using Client Certificates How to Authenticate a User with an LDAP SMTP Authentication Query if the Client Certificate is Invalid How to Authenticate a User with an LDAP SMTP Authentication Query if the Client Certificate is Invalid Table 3: How to Authenticate a User with a Client Certificate or an LDAP SMTP Authentication Query Do This Define an SMTP authentication query for your server that uses an allowance query string and Bind for the authentication method. Define a certificate-based query for your LDAP server. Create a certificate-based SMTP authentication profile Create an LDAP SMTP authentication profile. Configure a listener to use the certificate SMTP authentication profile. 1 Modify the RELAYED mail flow policy to use the following settings: 2 TLS Preferred 3 SMTP authentication required 4 Require TLS for SMTP authentication More Info Authenticating a User Using an LDAP Directory, on page 4 Checking the Validity of a Client Certificate, on page 3 Authenticating an SMTP Connection Over TLS Using a Client Certificate, on page 5 Configuring AsyncOS for SMTP Authentication Listening for Connection Requests by Creating a Listener Using Web Interface Establishing a TLS Connection from the Appliance, on page 5 Checking the Validity of a Client Certificate The Certificate Authentication LDAP query checks the validity of a client certificate in order to authenticate an SMTP session between the user s mail client and the Security appliance. When creating this query, you select a list of certificate fields for authentication, specify the User ID attribute (the default is uid ), and enter the query string. For example, a query string that searches for the certificate s common name and serial number may look like (&(objectclass-posixaccount)(caccn={cn})(cacserial={sn}). After you have created the query, you can use it in a Certificate SMTP Authentication Profile. This LDAP query supports OpenLDAP, Active Directory, and Oracle Directory. 3
4 Authenticating a User Using an LDAP Directory Authenticating SMTP Sessions Using Client Certificates See LDAP Queries for more information on configuring LDAP servers. Select System Administration > LDAP. Create a new LDAP profile. See Creating LDAP Server Profiles to Store Information About the LDAP Server for more information. Check the Certificate Authentication Query checkbox. Enter the query name. Enter the query string to authenticate the user s certificate. For example, (&(objectclass=user)(cn={cn})). Enter the user ID attribute, such as samaccountname. Step 7 Authenticating a User Using an LDAP Directory The SMTP Authentication LDAP query has an Allowance Query String that allows the Security appliance to check whether the user s mail client is allowed to send mail through the appliance based on the user s record in the LDAP directory. This allows users who don t have a client certificate to send mail as long as their record specifies that it s allowed. You can also filter out results based on other attributes. For example, the query string (&(uid={u})( (!(caccn=*))(cacexempt=*)(cacemergency>={t}))) checks to see if any of the following conditions are true for the user: CAC is not issued to the user ( caccn=* ) CAC is exempt ( cacexempt=* ) the time period that a user may temporarily send mail without a CAC expires in the future ( cacemergency>={t} ) See Configuring AsyncOS for SMTP Authenticationfor more information on using the SMTP Authentication query. Step 7 Select System Administration > LDAP. Define an LDAP profile. See Creating LDAP Server Profiles to Store Information About the LDAP Server for more information. Define an SMTP authentication query for the LDAP profile. Check the SMTP Authentication Query checkbox. Enter the query name. Enter the string to query for the user s ID. For example, (uid={u}). Select LDAP BIND for the authentication method. Step 8 Enter an allowance query string. For example, (&(uid={u})( (!(caccn=*))(cacexempt=*)(cacemergency>={t}))). Step 9 4
5 Authenticating SMTP Sessions Using Client Certificates Authenticating an SMTP Connection Over TLS Using a Client Certificate Authenticating an SMTP Connection Over TLS Using a Client Certificate The certificate-based SMTP authentication profile allows the Security appliance to authenticate an SMTP connection over TLS using a client certificate. When creating the profile, you select the Certificate Authentication LDAP query to use for verifying the certificate. You can also specify whether the Security appliance falls back to the SMTP AUTH command to authenticate the user if a client certificate isn t available. For information on authenticating an SMTP connection by using LDAP, see Configuring AsyncOS for SMTP Authentication. Step 7 Step 8 Step 9 Select Network > SMTP Authentication. Click Add Profile. Enter the name for the SMTP authentication profile. Select Certificate for the Profile Type. Click Next. Enter the profile name. Select the certificate LDAP query you want to use with this SMTP authentication profile. Note Do not select the option to allow the SMTP AUTH command if a client certificate is not available. Click Finish. Establishing a TLS Connection from the Appliance The Verify Client Certificate option in the RELAYED mail flow policy directs the Security appliance to establish a TLS connection to the user s mail application if the client certificate is valid. If you select this option for the TLS Preferred setting, the appliance still allows a non-tls connection if the user doesn t have a certificate, but rejects a connection if the user has an invalid certificate. For the TLS Required setting, selecting this option requires the user to have a valid certificate in order for the appliance to allow the connection. To authenticate a user s SMTP session with a client certificate, select the following settings: TLS - Required Verify Client Certificate Require SMTP Authentication 5
6 Updating a List of Revoked Certificates Authenticating SMTP Sessions Using Client Certificates Note Although SMTP authentication is required, the Security appliance will not use the SMTP authentication LDAP query because it is using certificate authentication. To authenticate a user s SMTP session using the SMTP authentication query instead of a client certificate, select the following settings for the RELAYED mail flow policy: TLS - Required Require SMTP Authentication If you require the Security appliance to ask for a client certificate from certain users while allowing LDAP-based SMTP authentication from others, select the following settings for the RELAYED mail flow policy: TLS - Preferred Require SMTP Authentication Require TLS to Offer SMTP Authentication Updating a List of Revoked Certificates The Security appliance checks a list of revoked certificates (called a Certificate Revocation List) as part of its certificate verification to make sure that the user s certificate hasn t been revoked. You keep an up-to-date version of this list on a server and the Security appliance downloads it on a schedule that you create. Go to Network > CRL Sources. Enable CRL checking for SMTP TLS connections: a) Click Edit Settings under Global Settings. b) (Optional) Select the Global Settings checkbox if you want to select all options: CRL check for inbound SMTP TLS. CRL check for outbound SMTP TLS CRL Check for Web Interface c) Select the checkbox for either CRL check for inbound SMTP TLS, CRL check for outbound SMTP TLS or CRL Check for Web Interface options. 6
7 Authenticating SMTP Sessions Using Client Certificates Authenticating a User s SMTP Session With a Client Certificate Step 7 Step 8 Step 9 0 d) Submit your change. Click Add CRL Source. Enter a name for the CRL source. Select the file type. This can be either ASN.1 or PEM. Enter the URL for the primary source for the file, including the filename. For example, Optionally, enter the URL for a secondary source in case the appliance cannot contact the primary source. Specify a schedule for downloading the CRL source. Enable the CRL source. Authenticating a User s SMTP Session With a Client Certificate Go to System Administration > LDAP to configure an LDAP server profile.s Define a certificate query for the LDAP profile. a) Enter the query name. b) Choose the certificate fields to authenticate, such as the serial number and common name. c) Enter the query string. For example, (&(caccn={cn})(cacserial={sn})). d) Enter the user ID field, such as uid. e) Submit your changes. Go to Network > SMTP Authentication to configure a Certificate SMTP authentication profile. a) Enter the profile name. b) Select the certificate LDAP query you want to use. c) Do not select the option to allow the SMTP AUTH command if a client certificate is not available. d) Submit your changes. Go to Network > Listeners to configure a listener to use the certificate SMTP authentication profile that you created. Modify the RELAYED mail flow policy to require TLS and a client certificate, as well as require SMTP authentication. Note Although SMTP authentication is required, the Security appliance will not use the SMTP AUTH command because it is using certificate authentication. The Security appliance will require a client certificate from the mail application to authenticate the user. 7
8 Authenticating a User s SMTP Session with the SMTP AUTH Command Authenticating SMTP Sessions Using Client Certificates Authenticating a User s SMTP Session with the SMTP AUTH Command The Security appliance can use the SMTP AUTH command to authenticate a user s SMTP session instead of a client certificate. If you user is not allowed to use SMTP AUTH for their connection, you can select whether the appliance rejects the connection or temporarily allows it while logging all activity. Go to System Administration > LDAP to configure an LDAP server profile. Define an SMTP authentication query for the LDAP profile. a) Enter the query name. b) Enter the query string. For example, (uid={u}). c) Select LDAP Bind for the authentication method. d) Enter an allowance query string. For example, (&(uid={u})( (!(caccn=*))(cacexempt=*)(cacemergency>={t}))). e) Submit your changes. Go to Network > SMTP Authentication to configure an LDAP SMTP authentication profile. a) Enter the profile name. b) Select the SMTP authentication LDAP query you want to use. c) Select the Check with LDAP if user is allowed to use SMTP AUTH Command and choose to monitor and report the user s activity. d) Submit your changes. Go to Network > Listeners to configure a listener to use the LDAP SMTP authentication profile that you created. Modify the RELAYED mail flow policy to require TLS and SMTP authentication. Authenticating a User s SMTP Session with Either a Client Certificate or SMTP AUTH This configuration requires the Security appliance to ask for a client certificate from users with a client certificate while allowing SMTP AUTH for users without one, or who cannot use one for sending . Any attempt to use the SMTP AUTH command by a user who is not allowed will be prohibited. Go to System Administration > LDAP to configure an LDAP server profile. Define an SMTP authentication query for the profile. a) Enter the query name. b) Enter the query string. For example, (uid={u}). c) Select LDAP Bind for the authentication method. d) Enter an allowance query string. For example, (&(uid={u})( (!(caccn=*))(cacexempt=*)(cacemergency>={t}))). Define a certificate query for the LDAP profile. a) Enter the query name. 8
9 Authenticating SMTP Sessions Using Client Certificates Authenticating a User s SMTP Session with Either a Client Certificate or SMTP AUTH b) Choose the client certificate fields to authenticate, such as the serial number and common name. c) Enter the query string. For example, (&(caccn={cn})(cacserial={sn})). d) Enter the user ID field, such as uid. e) Submit your changes. Step 7 Go to Network > SMTP Authentication to configure an LDAP SMTP authentication profile. a) Enter the profile name. b) Select the SMTP authentication LDAP query you want to use. c) Select the Check with LDAP if user is allowed to use SMTP AUTH Command and choose to reject the connection. d) Enter a custom SMTP AUTH response. For example, 525, Dear user, please use your CAC to send . e) Submit your changes. Configure a Certificate SMTP authentication profile. a) Enter the profile name. b) Select the certificate LDAP query you want to use. c) Select the option to allow the SMTP AUTH command if a client certificate is not available. d) Select your LDAP SMTP authentication profile for the appliance to use if the user does not have a client certificate. e) Submit your changes. Go to Network > Listeners to configure a listener to use the certificate SMTP authentication profile you created. Modify the RELAYED mail flow policy to select the following options: TLS Preferred SMTP authentication required Require TLS for SMTP Authentication Step 8 9
10 Authenticating a User s SMTP Session with Either a Client Certificate or SMTP AUTH Authenticating SMTP Sessions Using Client Certificates 10
Using LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
Configuring and Using the TMM with LDAP / Active Directory
Configuring and Using the TMM with LDAP / Active Lenovo ThinkServer April 27, 2012 Version 1.0 Contents Configuring and using the TMM with LDAP / Active... 3 Configuring the TMM to use LDAP... 3 Configuring
F-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
Owner of the content within this article is www.msexchange.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.msexchange.org Written by Marc Grote www.it-training-grote.de Exchange 2003 - User, groups, distribution list and contact management with Windows 2003 Active
Use Enterprise SSO as the Credential Server for Protected Sites
Webthority HOW TO Use Enterprise SSO as the Credential Server for Protected Sites This document describes how to integrate Webthority with Enterprise SSO version 8.0.2 or 8.0.3. Webthority can be configured
Chapter 10 Encryption Service
Chapter 10 Encryption Service The Encryption Service feature works in tandem with Dell SonicWALL Email Security as a Software-as-a-Service (SaaS), which provides secure data mail delivery solutions. The
LDAP and Active Directory Guide
LDAP and Active Directory Guide Contents LDAP and Active Directory Guide...2 Overview...2 Configuring for LDAP During Setup...2 Deciding How to Use Data from LDAP... 2 Starting the Setup Tool... 3 Configuring
PGP Desktop LDAP Enterprise Enrollment
PGP Desktop LDAP Enterprise Enrollment This document provides a technical, experiential, and chronological overview of PGP Desktop s LDAP enterprise enrollment process. Each step of the enrollment process
Basic Exchange Setup Guide
Basic Exchange Setup Guide The following document and screenshots are provided for a single Microsoft Exchange Small Business Server 2003 or Exchange Server 2007 setup. These instructions are not provided
MailGuard and Microsoft Exchange 2007
MailGuard and Microsoft Exchange 2007 Contents: Introduction - The purpose of this document. Protecting OUTBOUND email - Send your outbound email through MailGuard. MailGuard and Sender Policy Framework
VERALAB LDAP Configuration Guide
VERALAB LDAP Configuration Guide VeraLab Suite is a client-server application and has two main components: a web-based application and a client software agent. Web-based application provides access to
Important Information
June 2015 Important Information The following information applies to Proofpoint Essentials US1 data center only. User Interface Access https://usproofpointessentials.com MX Records mx1-usppe-hosted.com
Configuration Manual
Configuration Manual Page 1 of 20 Table of Contents Chronicall Setup...3 Standard Installation...3 Non-standard Installation (Recording Library on Separate machine)...8 Configuring Call Recording through
Integrating Webalo with LDAP or Active Directory
Integrating Webalo with LDAP or Active Directory Webalo can be integrated with an external directory to identify valid Webalo users and then authenticate them to the Webalo appliance. Integration with
BarricadeMX. QUICK GUIDE FOR COMMON TASKS Step by step instructions for Getting started with BarricadeMX, version 2.x Fort Systems Ltd 2009
2009 BarricadeMX QUICK GUIDE FOR COMMON TASKS Step by step instructions for Getting started with BarricadeMX, version 2.x Fort Systems Ltd 2009 This Quick Guide for Common Tasks This reference is intended
Chapter 7 Managing Users, Authentication, and Certificates
Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: Adding Authentication Domains, Groups, and Users Managing Certificates Adding Authentication Domains,
eprism Enterprise Tech Notes
eprism Enterprise Tech Notes Utilizing Microsoft Active Directory for eprism s Directory Services Context eprism can integrate with an existing LDAP (Lightweight Directory Access Protocol) directory for
OCS Training Workshop LAB14. Email Setup
OCS Training Workshop LAB14 Email Setup Introduction The objective of this lab is to provide the skills to develop and trouble shoot email messaging. Overview Electronic mail (email) is a method of exchanging
SSL VPN Portal Options
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the SSL VPN Wizard to configure SSL VPN portals on the ProSecure Unified Threat Management (UTM) Appliance. The Secure Sockets
Domains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.
Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Domains All Domains System administrators can use this section
Certificate technology on Pulse Secure Access
Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client
NETASQ ACTIVE DIRECTORY INTEGRATION
NETASQ ACTIVE DIRECTORY INTEGRATION NETASQ ACTIVE DIRECTORY INTEGRATION RUNNING THE DIRECTORY CONFIGURATION WIZARD 2 VALIDATING LDAP CONNECTION 5 AUTHENTICATION SETTINGS 6 User authentication 6 Kerberos
StoneGate SSL VPN Technical Note 2068. Adding Bundled Certificates
StoneGate SSL VPN Technical Note 2068 Adding Bundled Certificates Table of Contents Introduction................................... page 3 Overview..................................... page 3 Splitting
POP3 Connector for Exchange - Configuration
Eclarsys PopGrabber POP3 Connector for Exchange - Configuration PopGrabber is an excellent replacement for the POP3 connector included in Windows SBS 2000 and 2003. It also works, of course, with Exchange
OneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
Certificate technology on Junos Pulse Secure Access
Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure
BUSINESS CLASS POP3 E-MAIL END USER GUIDE TIME WARNER CABLE BUSINESS SERVICES VERSION 1.0, RELEASE 1.2
BUSINESS CLASS POP3 E-MAIL END USER GUIDE TIME WARNER CABLE BUSINESS SERVICES VERSION 1.0, RELEASE 1.2 Table of Contents MANAGING E-MAIL ACCOUNTS... 3 GENERIC CONFIGURATION INSTRUCTIONS... 3 POP mail...
SonicWALL Email Security Quick Start Guide. Version 4.6
SonicWALL Email Security Quick Start Guide Version 4.6 Quick Start Guide - Introduction This document guides you through the most basic steps to set up and administer SonicWALL Email Security. For more
Configuring Thunderbird with UEA Exchange 2007:
Configuring Thunderbird with UEA Exchange 2007: This document covers Thunderbird v10.0.2 please contact [email protected] if you require an upgrade. Mail Account Setup. Step 1: Open Thunderbird, you should
Basic Exchange Setup Guide
Basic Exchange Setup Guide The following document and screenshots are provided for a single Microsoft Exchange Small Business Server 2003 or Exchange Server 2007 setup. These instructions are not provided
Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
1 You will need the following items to get started:
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
Configuration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series
User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series SWD-292878-0324093908-001 Contents Certificates...3 Certificate basics...3 Certificate status...5 Certificate
Summary. How-To: Active Directory Integration. April, 2006
How-To How-To Integrate CanIt-PRO with Active Directory: April, 2006 Summary Several organizations use Active Directory to manage their user accounts. This paper describes how to integrate CanIt-PRO with
Implementing MDaemon as an Email Security Gateway to Exchange Server
Implementing MDaemon as an Email Security Gateway to Exchange Server Introduction MDaemon is widely deployed as a very effective antispam/antivirus gateway to Exchange. For optimum performance, we recommend
Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication
Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication Contents Domain Controller Certificates... 1 Enrollment for a Domain Controller Certificate...
escan SBS 2008 Installation Guide
escan SBS 2008 Installation Guide Following things are required before starting the installation 1. On SBS 2008 server make sure you deinstall One Care before proceeding with installation of escan. 2.
Djigzo S/MIME setup guide
Author: Martijn Brinkers Table of Contents...1 Introduction...3 Quick setup...4 Create a CA...4 Fill in the form:...5 Add certificates for internal users...5 Add certificates for external recipients...7
All existing accounts will be listed. 2. Click Add and select Mail to add a new E-mail account (see Figure 2). Figure 1. Figure 2
Microsoft Outlook Express 5.x, 6.0 This section describes how to configure Outlook Express to access POP E-mail. 1. Click Tools and select Accounts from the pull-down menu (see Figure 1). Figure 1 All
Chapter 3 Authenticating Users
Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three
Hansoft LDAP Integration
Hansoft LDAP Integration The Hansoft LDAP Integration synchronizes Hansoft resources to user accounts in an LDAP directory server, such as Windows Active Directory. It matches accounts on login names and
Exchange Server 2003 Management Pack Guide for Operations Manager 2007
Exchange Server 2003 Management Pack Guide for Operations Manager 2007 Running the Exchange Server 2003 Management Pack Configuration Wizard This section covers Configuration Wizard requirements and options
LDAP / SSO Authentication
LDAP / SSO Authentication - ig_ldap_sso_auth LDAP / SSO Authentication LDAP / SSO Authentication Extension Key: ig_ldap_sso_auth Language: en Keywords: ldap, sso, authentication Copyright 2000-2010, Michael
Smart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
Configuration Guide BES12. Version 12.1
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
Implementation notes on Integration of Avaya Aura Application Enablement Services with Microsoft Lync 2010 Server.
Implementation notes on Integration of Avaya Aura Application Enablement Services with Microsoft Lync 2010 Server. Introduction The Avaya Aura Application Enablement Services Integration for Microsoft
Configuring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
Certificate Management
Certificate Management Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
Installing Policy Patrol on a separate machine
Policy Patrol 3.0 technical documentation July 23, 2004 Installing Policy Patrol on a separate machine If you have Microsoft Exchange Server 2000 or 2003 it is recommended to install Policy Patrol on the
Upgrading User-ID. Tech Note PAN-OS 4.1. 2011, Palo Alto Networks, Inc.
Upgrading User-ID Tech Note PAN-OS 4.1 Revision B 2011, Palo Alto Networks, Inc. Overview PAN-OS 4.1 introduces significant improvements in the User-ID feature by adding support for multiple user directories,
X.509 Certificate Generator User Manual
X.509 Certificate Generator User Manual Introduction X.509 Certificate Generator is a tool that allows you to generate digital certificates in PFX format, on Microsoft Certificate Store or directly on
How to configure your email client
How to configure your email client This guide will teach you how to set up your email client. In this guide we will cover both Outlook and Windows Live mail, which are two of the major email clients used
Skipjack Merchant User Guide. Quick Guide. (a supplement to the Merchant User Guide)
Skipjack Merchant User Guide Quick Guide (a supplement to the Merchant User Guide) COPYRIGHT INFORMATION Evolve Adaptive Technology and Skipjack Financial Services are registered trademarks of the Bradley-Madison
Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.
This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and
LDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.
LDaemon This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients. LDaemon... 1 What you should know before installing LDaemon:... 2 ACTIVE DIRECTORY... 2
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643) Chapter Six Configuring Windows Server 2008 Web Services, Part 1 Objectives Create and configure Web
Getting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
SharePoint AD Information Sync Installation Instruction
SharePoint AD Information Sync Installation Instruction System Requirements Microsoft Windows SharePoint Services V3 or Microsoft Office SharePoint Server 2007. License management Click the trial link
ADFS Integration Guidelines
ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS
Section 4 Application Description - LDAP
Section 4 Application Description - LDAP This section describes the applications and configuration required for authentication utilizing Windows 2000 Server s Active Directory features and a NetScreen
QUICK START GUIDE. Cisco C170 Email Security Appliance
1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance
1. Open Thunderbird. If the Import Wizard window opens, select Don t import anything and click Next and go to step 3.
Thunderbird The changes that need to be made in the email programs will be the following: Incoming mail server: newmail.one-eleven.net Outgoing mail server (SMTP): newmail.one-eleven.net You will also
1. Open the preferences screen by opening the Mail menu and selecting Preferences...
Using TLS encryption with OS X Mail This guide assumes that you have already created an account in Mail. If you have not, you can use the new account wizard. The new account wizard is in the Accounts window
Content Filtering Client Policy & Reporting Administrator s Guide
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
Manage Licenses and Updates
Manage Licenses and Updates Palo Alto Networks Panorama Administrator s Guide Version 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054
Configuring Outlook 2010 for Windows
Configuring Outlook 2010 for Windows This document assumes that you already have Outlook 2010 installed on your computer and you are ready to configure Outlook. Table of Contents Configuring Outlook 2010
Configuring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos [email protected] User Identification Overview User Identification allows you to create security policies based
Email Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming
Email Setup Guide 1. Entourage 2008 Page 2 2. ios / iphone Page 5 3. Outlook 2013 Page 10 4. Outlook 2007 Page 17 5. Windows Live Mail a. New Account Setup Page 21 b. Change Existing Account Page 25 Entourage
1 Introduction. Windows Server & Client and Active Directory. www.exacq.com
Windows Server & Client and Active Directory 1 Introduction For an organization using Active Directory (AD) for user management of information technology services, integrating exacqvision into the AD infrastructure
ACTIVE DIRECTORY WEB SERVICE USER GUIDE LAST UPDATED: January 4, 2013
Page 1 of 28 ACTIVE DIRECTORY WEB SERVICE USER GUIDE LAST UPDATED: January 4, 2013 Introduction... 1 Web methods... 4 Active Directory query fails on Windows XP... 27 Support... 28 INTRODUCTION The Active
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time
How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network
Authenticating SSL VPN users using LDAP This example illustrates how to configure a FortiGate to use LDAP authentication to authenticate remote SSL VPN users. With a properly configured LDAP server, user
LDAP Authentication and Authorization
LDAP Authentication and Authorization What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned to centralized
Setup Guide for Exchange Server
Setup Guide for Exchange Server Table of Contents Overview... 1 A. Exchange Server 2007/2010 Inbound Mail... 2 B. Exchange Server 2007/2010 Outbound Mail (optional)... 8 C. Exchange Server 2003/2000 Inbound
How to Logon with Domain Credentials to a Server in a Workgroup
How to Logon with Domain Credentials to a Server in a Workgroup Johan Loos [email protected] Version 1.0 Authentication Overview Basically when you logon to a Windows Server you can logon locally using
Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,
Aradial Installation Guide
Aradial Technologies Ltd. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document
WaveWare Technologies, Inc. We Deliver Information at the Speed of Light
WaveWare Technologies, Inc. We Deliver Information at the Speed of Light Enterprise Messaging Software WaveWare Enterprise SMTP Email Server How-to Send an Email to a Pager Please Note This How to Guide
Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4
Contents Before You Start 2 Configuring Rumpus 3 Testing Accessible Directory Service Access 4 Specifying Home Folders 4 Open Directory Groups 6 Maxum Development Corp. Before You Start Open Directory
prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to
If you are looking for more control of your public key infrastructure, try the powerful Dogtag certificate system. BY THORSTEN SCHERF symmetric cryptography provides a powerful and convenient means for
Monitoring Oracle Enterprise Performance Management System Release 11.1.2.3 Deployments from Oracle Enterprise Manager 12c
Monitoring Oracle Enterprise Performance Management System Release 11.1.2.3 Deployments from Oracle Enterprise Manager 12c This document describes how to set up Oracle Enterprise Manager 12c to monitor
Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)
Using LDAP with Sentry Firmware and Sentry Power Manager (SPM) Table of Contents Purpose LDAP Requirements Using LDAP with Sentry Firmware (GUI) Initiate a Sentry GUI Session Configuring LDAP for Active
E-mail Settings 1 September 2015
Training Notes 1 September 2015 PrintBoss can be configured to e-mail the documents it processes as PDF attachments. There are limitations to embedding documents in standard e-mails. PrintBoss solves these
Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration
Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration 1.1 How do I access the records of the domain(s) that I administer? To access the domains you administer, you
Portal User Guide. Customers. Version 1.1. May 2013 http://www.sharedband.com 1 of 5
Portal User Guide Customers Version 1.1 May 2013 http://www.sharedband.com 1 of 5 Table of Contents Introduction... 3 Using the Sharedband Portal... 4 Login... 4 Request password reset... 4 View accounts...
How To Upgrade To Symantec Mail Security Appliance 7.5.5
Release notes Information Foundation 2007 Symantec Mail Security Appliance 7.5 Copyright 1999-2007 Symantec Corporation. All rights reserved. Before installing or upgrading: Migration issues If you are
OFFICE OF KNOWLEDGE, INFORMATION, AND DATA SERVICES (KIDS) DIVISION OF ENTERPRISE DATA
OFFICE OF KNOWLEDGE, INFORMATION, AND DATA SERVICES (KIDS) DIVISION OF ENTERPRISE DATA Technical Guide Active Directory/Infinite Campus Integration in the KETS Environment Version 1.3 February 24, 2015
Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5
Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5 What is this document for? This document is a Step-by-Step Guide that can be used to quickly install Spam Marshall SpamWall on Exchange
Install and Configure Oracle Outlook Connector
Install and Configure Oracle Outlook Connector To install and configure Oracle Outlook Connector for Outlook to send and receive e-mail and to access your TechTime TM calendar, do the following. 1. Run
CA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
Setting up Citrix XenServer for 2X VirtualDesktopServer Manual
Setting up Citrix XenServer for 2X VirtualDesktopServer Manual URL: www.2x.com E-mail: [email protected] Information in this document is subject to change without notice. Companies, names, and data used in examples
qliqdirect Active Directory Guide
qliqdirect Active Directory Guide qliqdirect is a Windows Service with Active Directory Interface. qliqdirect resides in your network/server and communicates with qliqsoft cloud servers securely. qliqdirect
Security Provider Integration LDAP Server
Security Provider Integration LDAP Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property
Configuration Guide BES12. Version 12.3
Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing
DIGIPASS Authentication for Sonicwall Aventail SSL VPN
DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties
An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)
Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in
Volume SYSLOG JUNCTION. User s Guide. User s Guide
Volume 1 SYSLOG JUNCTION User s Guide User s Guide SYSLOG JUNCTION USER S GUIDE Introduction I n simple terms, Syslog junction is a log viewer with graphing capabilities. It can receive syslog messages
