Authentication
System settings are available only to users with the superadmin role.
Fudo One allows authenticating users with external authentication methods that require configuration:
- CERB,
- RADIUS,
- LDAP,
- Active Directory.
To add an external CERB, Radius, Active Directory or LDAP authentication server, proceed as follows:
- Select Settings > Authentication.
- Click the Add an external authentication source button.
- Select authentication service type: CERB, Radius, Active Directory or LDAP.
- Provide configuration parameters depending on selected external authentication system type.
- Click Save.
Parameter | Description |
---|---|
CERB | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Service | CERB service used for authenticating Fudo One users. |
Secret | Secret used to establish server connection. |
Second factor | Additional verification step with authentication methods (OATH) |
RADIUS | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
NAS ID | RADIUS server NAS-Identifier parameter. |
Secret | Secret used to establish server connection. |
Second factor | Additional verification step with authentication methods (OATH) |
LDAP | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Bind DN | Template containing a path which will be used to create queries to LDAP server. |
Encrypted connection | Must be checked for domain users who change their passwords in the Access Gateway. |
Server certificate | LDAP server certificate. |
Second factor | Additional verification step with authentication methods (OATH) |
Active Directory | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Active Directory domain | Domain which will be used for authenticating users in Active Directory. |
Encrypted connection | Must be checked for domain users who change their passwords in the Access Gateway. |
Server certificate | Active Directory server certificate. |
Login | Login name of the privileged account used to modify a user password on the Active Directory server. |
Secret | Secret used to establish the server connection for modifying a user password on the Active Directory server. |
Second factor | Additional verification step with authentication methods (OATH) |
When an additional authentication method (OATH) is selected as a Second factor for synchronization with an External authentication server (AD / LDAP / CERB / RADIUS), it is not enough to select one of the External authentication server sources within the User definition. The additionally selected authentication method should also be configured within the User definition as a primary authentication method. Users' authentication methods will then be automatically synchronized according to the External authentication server settings.