Choose Authentication Method
Authentication validates the user's identity based on some credentials, such as a username/password combination or a client certificate.
Select a method to authenticate users. The setup options vary based on your selection.
- None — Management and Security Server does not present a login screen. Any user can access their assigned sessions without being prompted for credentials. Session authorization is not available.
- LDAP — Management and Security Server makes a read-only connection to your existing LDAP (Lightweight Directory Access Protocol) server to verify usernames and passwords. You can also use LDAP to authorize session access. LDAP is an industry-standard application protocol for accessing and maintaining distributed directory information services over a network.
  Note: You can enable more than one LDAP server.
- Single sign-on through IIS — This method uses Microsoft's IIS web server. See the MSS Deployment Guide for more information.
  Alert: Single sign-on through IIS has been deprecated and will be removed in the next update. Please see the release notes for more information.
- Windows Authentication - Kerberos — Kerberos is an authentication protocol that uses cryptographic tickets to avoid transmitting plain text passwords. Client services obtain ticket-granting tickets from the Kerberos Key Distribution Center (KDC) and present those tickets as their network credentials to gain access to services. Be sure to enable Kerberos.
  Note: If Kerberos is enabled and you wish to use a different authentication method, you must first disable Kerberos. See Disabling Kerberos.
- OpenID Connect — OpenID Connect (OIDC) is an open standard security protocol that delegates authentication to a third-party identity provider.
- X.509 — X.509 is a standard for managing digital certificates and public key encryption. When you use certificate-based authentication, you can specify the certificate source and setting for LDAP failover if certificate-based authentication fails. Be sure to check the setup requirements.
- SiteMinder — To enable this option on a Windows system, install both MSS and a SiteMinder web agent on the same machine as IIS, and set up the server to use your IIS web server.
  Alert: SiteMinder has been deprecated and will be removed in the next update. Please see the release notes for more information.
- Micro Focus Advanced Authentication — MSS provides an optional add-on for Advanced Authentication™, a separate Micro Focus product that provides multi-factor authentication through a chain of authentication methods.
- SAML — SAML (Security Assertion Markup Language) is an XML-based open standard format for exchanging authentication and authorization data between an identity provider and a service provider.