Authentication Server
Selecting Menu Bar → → Auth Server displays the Authentication Server dashboard. The Auth Server tab highlights.
There are features and functions used in UNUM Manager and UNUM Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.
The UNUM Configuration Authentication Server module provides a convenient method of installing authentication servers.
Lightweight Directory Access Protocol (LDAP) is a standard communications protocol used to read and write data from a Directory Service (DS).
Applications use LDAP to add, remove, or search users and groups in a directory services database or to transport credentials for authenticating DS users.
LDAP communication involves a client (such as an application) and a server (such as an LDAP or Active Directory server).
By default, communications over LDAP are unencrypted. Using an unencrypted connection makes it possible for a malicious user to use network monitoring software to view data packets over the wire.
To alleviate this form of data exposure, UNUM provides an option whereby you enable LDAP over Secure Sockets Layer (SSL)/Transport Layer Security (TLS), also known as LDAPS.
Please see the specific Use Case Examples for additional information about configuring LDAP and AD services.
Authentication Server
If no Authentication Servers are configured, the following dashboard is displayed.
UNUM Platform Configuration Authentication Servers Dashboard
The Authentication Server Management function is used to add, edit or delete LDAP (Lightweight Directory Access Protocol) and AD (Microsoft Active Directory) services.
After logging in as an Administrator you add or modify your LDAP configuration parameters to allow other users to access UNUM applications.
Configuration Notes for LDAP
Required parameters are shown in Green, additional recommended settings in Orange, and optional parameters in Blue. All values shown are for illustrative purposes only and should not be used in your environment.
Required
•Type – LDAP/LDAPS – LDAP typically uses port 389 over a standard unencrypted TCP connection. If your connection requires SSL/TLS (LDAPS), the well-known TCP port is 636.
•Server URL – the URI of the LDAP/LDAPS/AD Directory Server service.
•Manager DN – Also known as the Distinguished Name (DN) used to log in to the Directory Service (DS) and search for user accounts. For example: cn=admin,dc=mydomain,dc=com. The Manager DN may require additional parameters such as uid, ou and o (User ID, Organizational Unit and Org) depending on the LDAP service or Service Provider.
•Base DN – Sets the starting point for searches, where <distinguished-name> is the LDAP distinguished name of the node in the directory tree at which searches begin, such as "ou=users,dc=mydomain,dc=com". This field sets the point in the schema where a query starts searching. A fuller form is, for example, ou=users,o=xxxxxxxxxxxxxxxxxxxxxx,dc=mydomain,dc=com. Once the admin account defined in Manager DN (admin, for example) is found, its full DN is used to bind with the supplied password.
Entering your actual parameters in the UNUM LDAP settings described below creates a basic connection to the Directory Service.
Recommended
•Password – The password for the account specified in the Manager DN.
•User DN – The LDAP query string used to find the object representing the user account. The default is empty, though "(uid={0})" is sometimes required. The {0} token is required; it stands for the user account being validated. The values to enter depend on the LDAP service implementation or Service Provider requirements.
•User Search Filter – Sets the filter used to locate individual users in the directory service, i.e. the LDAP query string used to find the user account's group objects. The default is empty. In some LDAP scenarios the attribute name is memberOf. The {0} token is required; it stands for the user account being validated. The values to enter depend on the LDAP service implementation or Service Provider requirements.
Entering your actual parameters in the UNUM LDAP settings described below authenticates an LDAP user to the Directory Service. These parameters are required to use the Test function.
Note: Manager DN and Base DN settings may require additional information depending on the LDAP Service Provider, for example, the ORG ID (o).
Optional
•User DN – The LDAP query string used to find the object representing the user account.
•User Search Filter – Sets the filter to use to locate individual users in the directory service. The LDAP query string used to find the user account's group objects.
Adding Lightweight Directory Access Protocol (LDAP) Authentication to UNUM
Note: LDAP and AD services require specific information unique to the Service Provider. You must enter the required individual information needed by your Service Provider. The information provided below is for documentation examples and illustrative purposes only. LDAP tools are recommended to aid in troubleshooting LDAP connection issues.
Clicking on the Add Auth Server icon launches the user interface to configure either LDAP (or AD servers) as shown below.
You need the following information from your LDAP Service Provider:
•Type – Type of Authentication Service used on the domain, either LDAP, AD or both.
•Server URL – in the format of hostname and type. Select ldap or ldaps (secure ldap).
•Base DN – the name of the base organization and domain name.
•Manager DN (Distinguished Name) – the distinguished name (DN) used for the LDAP manager.
•Manager Password – manager password.
•User DN Patterns – DN patterns used for simple bind authentication.
•User Search Filter – any search filters.
In the following example a secure connection to an LDAP service is illustrated.
The Organizational User Administrator has created the user account, admin, which has a valid account on the service provider system (JumpCloud Service Provider in this example).
Type = LDAP
Server URL = ldaps
Hostname = ldap.jumpcloud.com (example service provider only)
Port = 636 (secure ldaps connection)
Base DN = o=xxxxxxxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com
Manager DN = uid=admin, ou=Users, o=xxxxxxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com
Password = your_ldap_password associated with the Manager DN account
User DN Pattern = Optional, but sometimes required.
User Search Filter = Optional, but sometimes required.
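The sequence the Configuration Notes above describe (bind with the Manager DN, search under the Base DN with the User Search Filter after substituting {0}, then bind as the entry found) is modelled below in an added example. This is not UNUM's own code; it runs against a constructed in-memory directory, and the hostname, ORG ID, DNs and passwords are constructed sample values. It goes one step beyond the notes by applying RFC 4515 filter escaping to the login name before it replaces {0}, a general precaution for any value substituted into a search filter.

```python
"""
Added example (not UNUM code): models the LDAP authentication flow described in
the Configuration Notes -- Manager DN bind, search under the Base DN using the
User Search Filter with {0} replaced, then a bind as the single entry found.
The directory, DNs, hostname and passwords are constructed sample data; nothing
here contacts a real server.
"""
import re
from typing import Optional

# Well-known ports from the Type note: 389 for plain LDAP, 636 for LDAPS.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def build_server_url(scheme: str, hostname: str, port: Optional[int] = None) -> str:
    """Assemble a Server URL from the Type, Hostname and Port fields."""
    scheme = scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme}")
    return f"{scheme}://{hostname}:{port or DEFAULT_PORTS[scheme]}"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so the login name substituted for {0} stays a literal."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse of escape_filter_value, used by the in-memory search below."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def render_filter(template: str, username: str) -> str:
    """Substitute the {0} token; the template must carry it, as the notes state."""
    if "{0}" not in template:
        raise ValueError("filter template must contain the {0} token")
    return template.replace("{0}", escape_filter_value(username))


def normalize_dn(dn: str) -> str:
    """DN comparison ignores case and whitespace around the commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Constructed in-memory directory, keyed by normalized DN (passwords are samples).
DIRECTORY = {
    "uid=admin,ou=users,o=orgid,dc=example,dc=com": {"uid": "admin", "password": "manager-secret"},
    "uid=alice,ou=users,o=orgid,dc=example,dc=com": {"uid": "alice", "password": "alice-pass"},
    "uid=svc,ou=services,o=orgid,dc=example,dc=com": {"uid": "svc", "password": "svc-pass"},
}


def simple_bind(dn: str, password: str) -> bool:
    """Model of an LDAP simple bind: the DN must exist and the password must match."""
    entry = DIRECTORY.get(normalize_dn(dn))
    return entry is not None and entry["password"] == password


_SIMPLE_FILTER = re.compile(r"^\((\w+)=([^()]*)\)$")


def search(base_dn: str, ldap_filter: str) -> list:
    """Subtree search, modelled for single (attr=value) filters only."""
    m = _SIMPLE_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("this model only handles (attr=value) filters")
    attr, value = m.group(1), unescape_filter_value(m.group(2))
    base = normalize_dn(base_dn)
    return [dn for dn, entry in DIRECTORY.items()
            if (dn == base or dn.endswith("," + base)) and entry.get(attr) == value]


def authenticate(config: dict, username: str, password: str) -> Optional[str]:
    """Return the user's DN on success, None on any failure."""
    # Step 1: bind with the Manager DN to obtain search rights.
    if not simple_bind(config["manager_dn"], config["manager_password"]):
        return None
    # Step 2: locate exactly one entry for the login name under the Base DN.
    matches = search(config["base_dn"], render_filter(config["user_search_filter"], username))
    if len(matches) != 1:
        return None
    # Step 3: bind as that entry with the user's own password.
    return matches[0] if simple_bind(matches[0], password) else None


# Mirrors the fields on the Add Authentication Server screen (constructed values).
CONFIG = {
    "server_url": build_server_url("ldaps", "ldap.example.com"),
    "base_dn": "o=ORGID,dc=example,dc=com",
    "manager_dn": "uid=admin, ou=Users, o=ORGID,dc=example,dc=com",
    "manager_password": "manager-secret",
    "user_search_filter": "(uid={0})",
}

if __name__ == "__main__":
    print(CONFIG["server_url"])
    print(authenticate(CONFIG, "alice", "alice-pass"))
```

Calling `authenticate(CONFIG, "alice", "alice-pass")` walks the three steps and returns alice's DN; a wrong manager password, a wrong user password, a login name that matches no entry, or a name that matches more than one entry all return None. The escaping step is what keeps a login name containing `*` or parentheses from being interpreted as filter syntax.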
UNUM Platform Configuration Authentication Servers Add Authentication Server
Click ADD to add the configured LDAP server. Click Cancel to return to the previous screen without making any changes.
UNUM Platform Configuration Authentication Servers Dashboard
Users now log in to UNUM using their assigned LDAP credentials on your network.
Testing the LDAP Connection
To test the LDAP connection, click the Test icon.
The Test Server interface is launched.
Enter the applicable LDAP credentials of an LDAP user and the password associated with the account.
UNUM Platform Configuration Authentication Servers Test LDAP Server
After entering a Username and Password, click on Test.
A Success or Failure message displays confirming the results as illustrated in the example below.
UNUM Platform Configuration Authentication Servers Test LDAP Server Results
LDAP User Roles:
UNUM currently supports two roles, User and Local Admin. UNUM assigns all LDAP users to the User Role in UNUM.
UNUM ignores any assigned LDAP or AD roles.
Please refer to Manage Users for more information about these roles.
Modifying LDAP Authentication Server Settings
To modify settings for the LDAP authentication server, click the cog icon and select Edit.
The edit LDAP Server interface is launched and configuration changes are made in the relevant fields.
UNUM Platform Configuration Authentication Servers Modify LDAP Server
You edit the following information:
•Type – Type of Authentication Service used on the domain, either LDAP, AD or both.
•Server URL – in the format of hostname and type. Select ldap or ldaps (secure ldap).
•Base DN – the name of the base organization.
•Manager DN (Distinguished Name) – the distinguished name (DN) used for the LDAP manager.
•Manager Password – manager password.
•User DN Patterns – DN patterns used for simple bind authentication.
•User Search Filter – any search filters.
Click Update to enter the new LDAP settings. Click Cancel to return to the previous screen without making any changes.
Delete the LDAP Authentication Server
To delete the LDAP authentication server, click the cog icon and select Delete.
The delete LDAP server confirmation interface is launched and the deletion is completed by clicking OK. To cancel deleting the LDAP server, click Cancel.
UNUM Platform Configuration Authentication Servers Confirm Delete
Adding AD (Active Directory) Authentication to UNUM
Clicking on the Add Auth Server icon launches the user interface to configure an AD server as shown below.
UNUM Platform Configuration Authentication Servers Add Active Directory Server
Use the Add Auth Server function to authenticate users to your Microsoft Active Directory authentication servers.
You need the following information from your network administrator:
•Type – Type of Authentication Service used on the domain (select AD).
•Server URL – in the format of hostname and type. Select ldap or ldaps (secure ldap).
•Base DN – the name of the base distinguished name.
•Domain – the domain name.
•User Search Filter – any search filters.
Click ADD to add the configured AD server. Click Cancel to return to the previous screen without making any changes.
UNUM Platform Configuration Authentication Servers AD Server Dashboard
Users log in to UNUM using their assigned AD credentials on your network.
Testing the Active Directory Connection
To test the Active Directory connection, click the Test icon.
The Test Server interface is launched; enter the Username and Password and click Test.
UNUM Platform Configuration Authentication Servers AD Server Test
Modifying the AD Authentication Server Settings
To modify settings for the AD authentication server, click the cog icon and select Edit.
The edit AD server interface is launched, and configuration changes are made in the relevant fields.
UNUM Platform Configuration Authentication Servers Edit Active Directory Server Settings
You edit the following information:
•Type – Type of Authentication Service used on the domain (select AD).
•Server URL – in the format of ldap (unsecured) or ldaps (secured).
•Base DN – the name of the base distinguished name.
•Domain – the domain name.
•User Search Filter – any search filters.
Click Update to enter the new AD settings. Click Cancel to return to the previous screen without making any changes.
Delete the AD Authentication Server
To delete the AD authentication server, click the cog icon and click Delete.
The delete AD server confirmation interface is launched and the deletion is completed by clicking OK. To cancel deleting the AD server, click Cancel.
UNUM Platform Configuration Authentication Servers Delete Active Directory Server
As shown in the image below, authentication servers are listed as either LDAP or AD and are managed independently.
Selecting the appropriate icon adds Authentication servers to UNUM.
Test these servers for proper connection and authentication or edit and remove from UNUM as needed.
UNUM Authentication Servers Dashboard
Please see the specific Use Case Examples for additional information about configuring LDAP and AD services.