Manage System Access; External Authentication - Polycom realpresence group series Administrator's Manual

Manage System Access

Managing access to the RealPresence Group system is essential for security. This section includes the
following topics:
●

External Authentication

●
Login and Credentials
●
Secure API Access
●
Configure Admin ID and Password for the Polycom Touch Control
●
Local Accounts
External Authentication
Polycom RealPresence Group systems support two roles for accessing the system, an admin role and a
user role. Admins can perform administrator activities such as changing configuration, as well as user
activities such as placing and answering calls. Users can perform only user-type activities.
Polycom RealPresence Group systems provide two local accounts, one for the user role (by default named
user) and one for the admin role (by default named admin). The IDs and passwords for these local
accounts are stored on the RealPresence Group system itself.
An administrator can configure RealPresence Group systems to grant access using network accounts that
are authenticated through an Active Directory (AD) server such as the Microsoft Active Directory server. In
this case, the account information is stored on the AD server and not on the RealPresence Group system.
The AD administrator assigns accounts to AD groups, one for RealPresence Group system admin access
and one for user access. For this reason, external authentication is also referred to as Active Directory
authentication.
The RealPresence Group system administrator configures the external authentication settings on the
RealPresence Group system to specify the address of an AD Server for authenticating user logins, AD
group for user access, and AD group for admin access on the RealPresence Group system. The
RealPresence Group system can map only one Active Directory group to a given role.
Users can enter their network account credentials to access the system on the following interfaces:
● Web interface (admin access only)
● Local interface (user and admin role accounts when Require Login for System Access is
enabled; admin accounts when admin-only areas of the local interface are accessed)
Note: Active Directory Server with PKI
When External Authentication is enabled in PKI environments where Always Validate Peer
Certificates from Server is enabled on the RealPresence Group system, configure the Active
Directory Server Address on the system using the address information that is in the Active Directory
Server identity certificate. This allows the RealPresence Group system to validate the identity
certificate.
As an example, if the Active Directory Server identity certificate contains its DNS name only, and no
specific IP address, configuring the Active Directory Server Address on the RealPresence Group
system using the server's IP address results in certificate validation failure, and consequently
authentication failure. The RealPresence Group system configuration would have to specify the
server by DNS name, in this case, to successfully match the server certificate data.
Polycom, Inc.
Security
131