External authentication

Some of the authentication methods, require defining connections to external authentication servers. These are:

Authentication servers configuration page

Authentication servers configuration page enables adding new and editing existing authentication servers.

To open the authentication servers configuration page, select Settings > External authentication.

../../_images/external_authentication.png

Adding a new external authentication server

To add an external authentication server, proceed as follows.

  1. Select Settings > External authentication.
  2. Click Add external authentication source.
  1. Select authentication service type.
  2. Provide configuration parameters depending on selected authentication system type.
Parameter Description
CERB  
Host Server’s IP address.
Port Port used to establish connections with given server.
Bind address IP address used for sending requests to given host.
Secret Secret used to establish server connection.
Service CERB service used for authenticating Fudo PAM users.
RADIUS  
Host Server’s IP address.
Port Port used to establish connections with given server.
Bind address IP address used for sending requests to given host.
Secret Secret used to establish server connection.
NAS ID RADIUS server NAS-Identifier parameter.
LDAP  
Host Server’s IP address.
Port Port used to establish connections with given server.
Bind address IP address used for sending requests to given host.
User DN template Template containing a path which will be used to create queries to LDAP server.
Active Directory  
Host Server’s IP address.
Port Port used to establish connections with given server.
Bind address IP address used for sending requests to given host.
Domain Domain which will be used for authenticating users in Active Directory.

Note

Labeled IP addresses

In case of cluster configuration, select a labeled IP address from the Bind address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP addresses topic.

  1. Click Save.

Editing authentication server definition

To edit an authorization server definition, proceed as follows.

  1. Select Settings > External authentication.
  2. Find the server definition and change its configuration as desired.
  3. Click Save.

Deleting authentication server definition

To delete authentication server definition, proceed as follows.

  1. Select Settings > External authentication.
  2. Find desired server definition and select Delete.
  3. Click Save.

SMS authentication definition


  1. Select Settings > External authentication.
  2. Choose SMS Authentication tab.
../../_images/sms-authentication.png
  • Input Token length.

Note

The token’s length should be in the range of 4-16.

  • Input Account ID.
  • Input Product token.
  • Input API address and its port.

Note

The values for Account ID, Product token and API address are given by CM.COM service. You need to have a registered account there to be able to obtain the required information.

  1. Click Save.
  2. Go to Management > Users.
  1. Find and select the user for whom you want to enable SMS authentication.
  • Input a phone number in the Phone input field.
  • Under the Authentication section choose Type: SMS.
  • From a First factor drop-down list choose Static password or External authentication (AD or LDAP).
  1. Click Save.
  1. Log in to the portal with SMS code.

DUO authentication definition


  1. Download and install Duo Mobile phone application.
  2. Sign up for a personal account on Duo Security.
  1. Select Settings > External authentication for DUO Authentication configuration.
  1. Choose DUO Authentication tab.
../../_images/duo-authentication.png
  1. Input from the personal Duo Security profile: API address, Integration key and Secret key.
  1. Click Save.
  2. Go to Management > Users.
  1. Find and select the user for whom you want to enable DUO authentication.
  • Under Authentication section choose Type: DUO.
  • From a First factor drop-down list choose Static password or External authentication (AD or LDAP).
  • Input DUO username.
  • Input DUO user id.
  1. Click Save.
  1. Log in to the portal by tapping Accept on push notification from Duo Mobile application.


Related topics: