Authentication
System settings are available for a user with
superadmin
role only.
Fudo One allows authenticating users with external authentication methods that require configuration:
- CERB,
- RADIUS,
- LDAP,
- Active Directory.
To add an external CERB, Radius, Active Directory or LDAP authentication server, proceed as follows:
- Select Settings > Authentication.
- Click the Add an external authentication source button.
- Select authentication service type:
CERB
,Radius
,Active Directory
orLDAP
. - Provide configuration parameters depending on selected external authentication system type.
- Click Save.
Parameter | Description |
---|---|
CERB | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Service | CERB service used for authenticating Fudo One users. |
Secret | Secret used to establish server connection. |
Second factor | Additional verification step with authentication methods (OATH ) |
RADIUS | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
NAS ID | RADIUS server NAS-Identifier parameter. |
Secret | Secret used to establish server connection. |
Second factor | Additional verification step with authentication methods (OATH ) |
LDAP | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Bind DN | Template containing a path which will be used to create queries to LDAP server. |
Encrypted connection | This option is required to be checked for the domain users who change their passwords in the Access Gateway. |
Server certificate | LDAP server certificate. |
Second factor | Additional verification step with authentication methods (OATH ) |
Active Directory | |
Host | Server’s IP address. |
Port | Port used to establish connections with given server. |
Bind address | IP address used for sending requests to given host. |
Active Directory domain | Domain which will be used for authenticating users in Active Directory. |
Encrypted connection | This option is required to be checked for the domain users who change their passwords in the Access Gateway. |
Server certificate | Active Directory server certificate. |
Login | The privileged account’s login name to modify a user password on the Active Directory server. |
Secret | Secret used to establish server connection to modify a user password on the Active Directory server. |
Second factor | Additional verification step with authentication methods (OATH ) |
When additional authentication method (
OATH
) is selected as a Second factor for synchronization with External authentication server (AD / LDAP / CERB / RADIUS), it won’t be enough to just select one of the External authentication server source within the User definition. The additionally selected authentication method should be configured within the User definition as a primary authentication method. Then users’ authentication methods will be automatically synchronized according to External authentication server settings.
Updated about 2 years ago