• Firewalls should permit inbound traffic to TCP and UDP ports that have been opened earlier
in the outbound direction.
External Authentication
RealPresence ITP systems support two roles for accessing the system, an admin role and a user role.
Admins can perform administrator activities such as changing configuration, as well as user activities
such as placing and answering calls. Users can perform only user-type activities.
The systems provide two local accounts, one for the user role (by default named user) and one for the
admin role (by default named admin). The IDs and passwords for these local accounts are stored on the
RealPresence ITP system itself.
An administrator can configure the system to grant access using network accounts that are authenticated
through an Active Directory (AD) server such as the Microsoft Active Directory server. In this case, the
account information is stored on the AD server and not on the RealPresence ITP system. The AD
administrator assigns accounts to AD groups, one for RealPresence ITP system admin access and one
for user access. For this reason, external authentication is also referred to as Active Directory
authentication.
The RealPresence ITP system administrator configures the external authentication settings on the system
to specify the address of an AD Server for authenticating user logins, AD group for user access, and AD
group for admin access on the RealPresence ITP system. The system can map only one Active Directory
group to a given role.
When External Authentication is enabled in PKI environments where Always Validate Peer Certificates
from Server is enabled on the RealPresence ITP system, make sure to configure the Active Directory
Server Address on the RealPresence ITP endpoint using the address information that is in the Active
Directory Server's identity certificate. This is important in enabling the RealPresence ITP system to
successfully validate the Active Directory Server's identity certificate.
As an example, if the Active Directory Server's identity certificate contains its DNS name only, and no
specific IP address, configuring the Active Directory Server Address on the RealPresence ITP system
using the server's IP address will result in certificate validation failure, and consequently authentication
failure. The RealPresence ITP system configuration would have to specify the server by DNS name in this
case to successfully match the server certificate data.
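The address-matching requirement above can be checked before the setting is entered. The following Python sketch is an added example, not Polycom code: it assumes the certificate has been read into the dictionary shape returned by Python's ssl getpeercert(), uses a constructed sample certificate and host names, and applies generic name matching that may differ in detail from the system's own validation.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# an AD server certificate that carries a DNS name only, no IP address.
SAMPLE_CERT = {
    "subject": ((("commonName", "ad01.corp.example.test"),),),
    "subjectAltName": (("DNS", "ad01.corp.example.test"),),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_server_address(configured, cert):
    """Return (ok, reason) for a configured server address against a certificate."""
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    listed = ", ".join(dns_names) or "none"
    try:
        addr = ipaddress.ip_address(configured)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a DNS name
    if addr is not None:
        # An IP literal can only match an IP entry, never a DNS name.
        if any(ipaddress.ip_address(ip) == addr for ip in ip_names):
            return True, "IP address present in certificate"
        return False, "no matching IP entry; DNS names in certificate: " + listed
    if any(_dns_match(name, configured) for name in dns_names):
        return True, "DNS name present in certificate"
    return False, "DNS name not in certificate; DNS names in certificate: " + listed


if __name__ == "__main__":
    for candidate in ("10.20.30.40", "ad01.corp.example.test"):
        print(candidate, "->", check_server_address(candidate, SAMPLE_CERT))
```

A False result for the IP address with this sample corresponds to the validation failure described above; the reason string lists the DNS names that would match.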
RealPresence ITP systems support Active Directory on Microsoft Windows Server version 2008 R2 and
Microsoft Windows Server 2012.
Note:
The RealPresence ITP system local user account is disabled when Enable Active
Directory External Authentication is enabled. The admin account is active and usable.
Configure Access Settings
Settings in this section enable you to configure remote usage of the RealPresence ITP system, such as
by using the web, a serial port, or Telnet. A session is an instance of a user connected to the system
through one of these interfaces. Sessions include an indication of how you are logged on to the
RealPresence ITP system, such as the local interface, web interface, Telnet, or serial API.
Procedure
1. Go to Admin Settings > Security > Global Security > Access.
2. Configure the following settings.
Polycom, Inc.
Securing the System