You can use an external authentication directory service (also called an enterprise directory or authentication login domain) to authenticate users logging in to the appliance instead of maintaining individual local login accounts.
If you replicate the authentication directory service for high availability or disaster tolerance, add the replicated directory service as a separate directory service.
- Minimum required privileges: Infrastructure administrator.
- The authentication directory service must already be configured.
- Obtain an X.509 certificate from the directory service provider. This certificate ensures the integrity of communication between the appliance and the directory service. The certificate chain can be fetched automatically. On acceptance, the top certificate (or an intermediate certificate, in the case of a CA certificate) is trusted.
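Because the fetched certificate becomes trusted on acceptance, it is worth comparing what the directory server presents against a fingerprint obtained out of band from the directory service provider before accepting it. The following is an added example, not part of the original documentation or the appliance's own tooling; it assumes the directory service listens for LDAPS on port 636 and that the provider supplied a SHA-256 fingerprint, and it checks only the server (leaf) certificate, not the whole chain.

```python
import hashlib
import socket
import ssl
import sys


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated, upper-case SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so a pasted fingerprint compares reliably."""
    return "".join(c for c in fp if c not in ": -\t\r\n").lower()


def matches_expected(der: bytes, expected_fp: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    expected = normalize(expected_fp)
    # An empty or truncated expected value must never count as a match.
    return len(expected) == 64 and normalize(sha256_fingerprint(der)) == expected


def fetch_leaf_der(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Return the certificate the server presents in the TLS handshake."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: the certificate is only read here so it
    # can be compared with the expected fingerprint. No credentials are sent.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Arguments (both supplied by the operator): directory host name and the
    # SHA-256 fingerprint received from the directory service provider.
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_leaf_der(host)
    print("presented:", sha256_fingerprint(der))
    ok = matches_expected(der, expected)
    print("match" if ok else "MISMATCH: do not accept this certificate")
    sys.exit(0 if ok else 1)
```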
Adding an authentication directory service
- Either click the Edit icon in the Security panel or select Actions→Edit.
- On the Edit Security screen, under Directories, click Add Directory.
- Enter the data requested on the screen. See Add/Edit Directory screen details.
- IMPORTANT: The decision whether to search the Global Catalog or the domain is based on the scope of the search:
- Enter the data requested on the screen. See Add Directory Server screen details.
- Click Add to add the server and return to the Add Directory screen.
- Click Add to add the authentication directory service or click Add+ to add more directory services.
- After adding the authentication directory service:
Recommended next step: Add a group with directory-based authentication.