Table of Contents
Advertisement
2
Technology > MEAP > Login Service > Authentication methods of SSO-H
■ Authentication methods of SSO-H
SSO-H can use multiple authentication methods, and the user can toggle between them
from a Web browser. (Refer to the MEAP Authentication System Settings Guide 'User
Authentication Method Settings'.)
CAUTION:
The factory shipment setting is 'Domain authentication + local device authentication'.
In order to provide increased security, as soon as SSO is used, it is recommended that
the administrator's user name and password in local device authentication be changed
from the factory shipment settings as soon as possible.
● Local device authentication
This is an authentication method that is used for single iR devices. The authenticating
users are registered in the iR device's database. User management is performed on the
Web application provided by the device, or from the imageWARE Enterprise Management
Console/ iW Management Console. The login destination is [This device].
● Domain authentication
This is a form of user authentication which operates in collaboration with the domain controller
on the Active Directory environment network and, as soon as the iR device is logged into,
carries out authentication of the domain on the network. In addition to users belonging to
the domain that includes the iR device, users belonging to domains that have a reliable
relationship with the domain (multi-domain) can also be authenticated. The domain name of
the login destination can be selected by the users themselves upon login.
The function makes use of options iW EMC Accounting Management Plig-in to enable
analysis and management of the iR device usage status.
The protocol used is as follows.
• Kerberos : LLS / RLS / ILS
• NTLMV2 : WLS (Web Service Login Service)
User information acquisition is done by LDAP, so the Active Directory LDAP port needs to be
made accessible. If LDAP connection fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO) Site access supported.
2
Technology > MEAP > Login Service > Authentication methods of SSO-H
Differences from conventional SSO
Domain B
Domain C
DC
DC
DC
SA
Device
Domain A
SSO
● Domain authentication + local device authentication
This is a user authentication method that provides both domain authentication and local
device authentication functionalities. Principally, domain users who are registered/ managed
by the Active Directory are authenticated by domain authentication, and local device
authentication can be used when it is necessary to authenticate a temporary user that cannot
be added to the Active Directory. Also, should there be any kind of a problem with the domain
controller or Security Agent (SSO only), local device authentication can be used in emergency
situations, while waiting for normal status to be restored.
In the figure shown below, users belonging to Domain A, which includes the iR device,
and users belonging to Domain B, which has a reliable relationship with Domain A, can be
authenticated, and users registered with the iR device itself can also be registered. The login
destination (domain name or [This device]) is se lected by the user upon login.
Domain A
Domain Controller
( Active Directory )
Domain A User
Domain B
Domain C
DC
DC
DC
Device
Domain A
SSO-H
Domain B
Domain Controller
( Active Directory )
iR Device
Domain B User
F-2-274
2-195
F-2-273
2-195
- Quick Links:
- Service Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
