The Authentication window allows you to manage SAML, LDAP (Lightweight Directory Access Protocol), and SiteMinder integration and access.
LDAP Integration Tab
LDAP integration enabled – An indication of whether LDAP integration is being used.
LDAP Information – Allows you to enter server information for LDAP.
Server – The name of the server on which LDAP is installed.
User name – The name of the user account with which to log in to LDAP. The username must have browser rights to the LDAP directory. Use one of the following forms:
- Domain\username (Active Directory only)
- Username@domain (Active Directory only)
- Distinguished name (Active Directory and OpenLDAP)
Password – The corresponding password for the user account.
Domain – The LDAP distinguished name for the domain.
User domain – The domain (for example, ou=houston) used to limit searches to a specific organizational unit in the LDAP structure. This field is also used in the distinguished name completion rules for OpenLDAP.
Access group – The LDAP object created specifically for use with the Suite using LDAP distinguished name syntax. For example: cn=bridgeway, cn=users, dc=sub-domain, dc=domain, dc=com.
Server Specifics – Allows you to enter information specific to the server.
LDAP server type – The type of directory service (such as Microsoft Active Directory or OpenLDAP) used by the operating system on the server.
Encrypted login (Kerberos) – An indication of whether passwords should be encrypted when passed between the server and Suite. The Kerberos computer network authentication protocol will be used if this checkbox is enabled. Encrypting passwords renders them inaccessible to everyone, including the database administrator.
This option is not reversible; passwords cannot be decrypted. If this option is activated and then deactivated, all current passwords will be lost. This option will also affect the master login ID password.
Domain – The name of the domain if encrypted login is enabled.
Domain controller – The name of the domain controller if encrypted login is enabled.
Default User Profile – Allows you to select a user account to be copied to create a first-time user account.
Default user profile – A user account whose settings will be copied to create a first-time user account when logging into a Suite application via LDAP. Selecting <None> will disable automatic user account generation.
SiteMinder Integration Tab
SiteMinder integration enabled – An indication of whether SiteMinder integration is being used.
SiteMinder Information – Allows you to enter information for SiteMinder.
Header Variable Name – The name of the header variable provided by SiteMinder. The SiteMinder Web agent passes needed information to Suite through header parameters that the login mechanism can then map into internal user credentials and bypass the normal login procedures.
Login URL – The URL for the SiteMinder Web application. This URL is used to redirect users to the SiteMinder login when a Suite application session times out.
SAML Integration Tab
SAML integration enabled – An indication of whether SAML integration is being used.
IDP information – Allows you to enter server information for the IdP.
Import XML File – Click to import the IdP metadata XML file.
SP information – Allows you to enter information specific to the service provider.
Entity ID – The URL of the Suite instance with the suffix of /sp.xml.
Consumer Service Base URL – The URL of the Suite instance that is accessible to the IdP and is also the base URL that is used in the rules and scheduler of Suite Manager.
Signs Authentication Requests – Enables the service provider to sign authentication requests.
Requires Signed Assertions – Enables the service provider to require signed assertions.
Authentication attributes – The attributes or claims that are used to authenticate the user in IdP.
CN – The common name for the secure Web address for which the SSL Server Certificate was issued.
Save – Click to save any changes to the window.
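
An added example, not part of the product documentation or the Suite's own code: a Python check that reads an IdP metadata XML file of the kind imported under Import XML File and compares it with the Signs Authentication Requests and Requires Signed Assertions options. The metadata is constructed sample data, and passing the two checkboxes in as booleans is an assumption made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata (not from any real deployment).
IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _flag(value):
    # xs:boolean accepts "true" or "1"; a missing attribute means false.
    return (value or "").strip().lower() in ("true", "1")

def read_idp(xml_text):
    # Only feed this metadata obtained from the IdP over a trusted channel.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")
            and (k.findtext(".//ds:X509Certificate", namespaces=NS) or "").strip()]
    return {"entity_id": root.get("entityID"),
            "wants_signed_requests": _flag(idp.get("WantAuthnRequestsSigned")),
            "signing_certs": len(keys)}

def review(idp, signs_requests, requires_signed_assertions):
    # The two booleans stand in for the SP checkboxes (assumed mapping).
    findings = []
    if idp["wants_signed_requests"] and not signs_requests:
        findings.append("IdP expects signed AuthnRequests; enable Signs Authentication Requests")
    if not requires_signed_assertions:
        findings.append("Requires Signed Assertions is off; assertion signatures are not required")
    elif idp["signing_certs"] == 0:
        findings.append("IdP metadata has no signing certificate to verify assertions against")
    return findings

if __name__ == "__main__":
    for finding in review(read_idp(IDP_XML), signs_requests=False, requires_signed_assertions=False):
        print("FINDING:", finding)
```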