Configuring Authentication Servers

Setting up authentication involves the following: a directory (such as LDAP, Microsoft Active Directory, or the local authentication store on the appliance), an authentication method (username/password, token or smart card, or digital certificate), and other configuration items that make the authentication process unique (for example, an LDAP search base, or adding custom prompts and messages). The SMA appliance supports the leading authentication directories and methods.

After you reference an authentication server in a realm and associate users with the realm, the appliance checks users’ credentials against the credentials stored in the specified authentication repository. You can also set up chained (two-factor) authentication; see Configuring Chained Authentication for details.

To configure an authentication server

1. In the AMC, navigate to System Configuration > Authentication Servers.

2. Click New.

   

3. Select the directory type or authentication method you want to configure:

   Directory type or authentication method selection

   Authentication directory	Credential type	For more information
   Microsoft Active Directory (Basic) Microsoft Active Directory (Advanced)	Username/password	Configuring Microsoft Active Directory Servers
   LDAP	Username/password Digital certificate	Configuring LDAP and LDAPS Authentication
   RADIUS	Username/password Token-based authentication (such as SecurID or SoftID)	Configuring RADIUS Authentication
   Cisco Duo Security Authentication Manager Server	Token-based authentication	Integration of SMA with Cisco Duo Security MFA Server
   One Identity Defender	Username/password Token-based authentication (such as SecurID or SoftID)	One Identity Defender
   RSA Authentication Manager Server	Token-based authentication (such as SecurID or SoftID)	Configuring RSA Server Authentication
   Public key infrastructure (PKI)	Digital certificate (with optional certificate revocation checking)	Configuring a PKI Authentication Server
   SAML 2.0 Identity Provider	Username/password	Configuring a SAML-Based Authentication Server
   Local users (local user storage)	Username/password	Configuring Local User Storage

For further information about tasks after configuring the authentication server, see:

• Defining Multiple Authentication Servers

• Disabling Authorization Checks

• Configuring Chained Authentication

• Enabling Group Affinity Checking in a Realm

• Using One-Time Passwords for Added Security