SlideShare ist ein Scribd-Unternehmen logo

How to -_implement_clientless_single_sign_on_authentication_in_multiple_active_directory_domain

S
SaNju MuLak
Technologie
1 von 15
Downloaden Sie, um offline zu lesen
How To - Implement Clientless Single SignTo Authentication in MultipleClientless Domain Controller How On - Implement Active Directory Single Sign On Environment Authentication in Multiple Active Directory Domain Controller Environment Applicable to – All the versions of Windows This article describes how to implement Clientless single sign on authentication with Active Directory integration. Cyberoam – ADS integration feature allows Cyberoam to map the users and groups from Active Directory for the purpose of authentication. Prerequisites:  NetBIOS Domain name  FQDN Domain name  Search DN  Active Directory Server IP address  Administrator Username and Password (Active Directory Domain)  IP address of Cyberoam Interface connected to Active Directory server  Import AD groups  Configure Clientless SSO Configuring ADS authentication Logon to Cyberoam Web Admin Console and follow the below given steps: Step 1: Create ADS user groups. Please check Cyberoam version before you continue as this is version specific step. All Versions below 9.5.3 build 14 Go to Group> Add Group and create all the ADS user groups For mapping the ADS user groups with the Cyberoam user groups, create all the ADS user groups into Cyberoam before ADS users log on to Cyberoam for the first time. If the ADS groups are not created in Cyberoam, all the users will be assigned to the Default group of Cyberoam. If all the ADS user groups are created in Cyberoam before users log on to Cyberoam then user will be automatically created in the respective group when they log on to Cyberoam. Version 9.5.3.14 or above Instead of creating groups again in Cyberoam, you can import AD groups into Cyberoam using Import Wizard. One can import groups only after integrating and defining AD parameters into Cybeoam. If you intend to import group, skip this step. Step 2: Define Authentication parameters Go to User>Authentication Settings Select „Active Directory‟ under Configure Authentication & Integration parameters 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Select Default Group. Cyberoam will create user(s) in the respective groups if groups are already created in Cyberoam otherwise user will be created in the group selected as Default group. Click Update to save the settings Step 3: Configure Cyberoam to use Active Directory Click Add to configure Active Directory parameters Specify IP address of Active Directory Specify TCP/IP port number in Port field. It is the port on which ADS server listens for the authentication requests. On Cyberoam appliance, the default port for ADS traffic is 389. If your AD server is using another port, specify port number in Port field. 2
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Specify NetBIOS Domain name. If you do not know NetBIOS name, refer to section „Determine NetBIOS Name, FQDN and Search DN‟. Specify Active Directory Administrator Username and password Cyberoam allows implementing AD integration in two ways:  Tight Integration – With tight integration, Cyberoam synchronizes groups with AD every time the user tries to logon. Hence, even if the group of a user is changed in Cyberoam, on subsequent log in attempt, user logs on as the member of the same group as configured in Active Directory. In this case group membership of each user is as defined in the Active Directory.  Loose Integration – With loose integration, Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon. By default, users will be the member of Cyberoam default group irrespective of Active Directory group, administrator can change the group membership. Cyberoam will use authentication attribute for authenticating users with Active Directory. Click “Test Connection” to check whether Cyberoam is able to connect to the Active Directory or not. If Cyberoam is able to connect to the Active Directory, click Add to save the configuration. Step 4: Add Domain Query If Cyberoam is able to connect to the Active Directory, click Add to enter Domain name 3
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Enter Domain name (FQDN Domain Name) Click Add and enter Search DN. Check the steps provided in section „Determine NETBIOS Name, FQDN and Search DN‟ to find the Search DN. Click OK to save the query. 4
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Click Save to save the Domain details Step 5: Test Active Directory integration Go to Help>Downloads and click HTTP to open the HTTP client login page. Specify username and password 5
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Username will be displayed on User>Manage Live Users page if user is able to log on to Cyberoam successfully. This completes the AD configuration. Import AD Groups If you have deployed v 9.5.3 build 14 or above, import AD groups into Cyberoam using Import Wizard before configuring for single sign on. 6
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Clientless Single Sign on Implementation Transparent Authentication (Clientless Single Sign on) Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS). With Single Sign On authentication, user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password. Hence, eliminating the need of multiple logins and username & passwords. But, Clientless Single Sign On not only eliminates the need to remember multiple passwords – Windows and Cyberoam, it also eliminates the installation of SSO clients on each workstation. Hence, delivering high ease-of-use to end-users, higher levels of security in addition to lowering operational costs involved in client installation. Cyberoam Transparent Authentication Suite (CTAS) CTA Suite consists of CTA Agent – It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication. CTA Collector – It collects the user authentication request from multiple agents, processes the request and sends to Cyberoam for authentication. How does Cyberoam CTA Agent work? User Authentication Information Collection Process 1. User tries to log on to the Active Directory Domain Controller from any workstation in LAN. Domain Controller tries to authenticate user credentials. 2. This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time. 3. CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060 4. Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database Based on data from CTA Agent, Cyberoam queries AD server to determine group membership and based on which access is granted or denied. Users logged into a workstation directly i.e. locally but not logged into the domain will not be authenticated and are considered as “Unauthenticated” or “Guest” user. For users that are not logged into the domain, the HTTP Login screen prompting for a manual login will be displayed for further authentication. Step 6: Installing CTA Suite Download CTA Suite from www.cyberoam.com/cyberoamclients.html Extract ctas.rar and install CTA Suite on Domain controller by following the on-screen instructions. Administrative right is required to install CTA Suite. 7
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Check for “Cyberoam Transparent Authentication Suite” tab from “Start” > “All Programs”. If installed successfully, “Cyberoam Transparent Authentication Suite” tab will be added. Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication: 8
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 7: Configure CTA Collector from CTA Collector Tab on Primary Domain Controller 9
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment If “logoff detection settings” is enabled and firewall is configured on the Workstation, please allow the traffic to and from Domain controller. Step 8: Configure Agent from CTA Agent Tab on Primary Domain Controller 10
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment 11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 9: Configure Agent from CTA Agent Tab on Additional Domain Controller 1 12
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Repeat step 9 for all the additional Domain Controller Step 10: Configure Cyberoam Logon to CLI Console with default password, go to Option 4 Cyberoam Console and execute following command at the prompt: corporate>cyberoam cta enable corporate>cyberoam cta collector add collector-ip <ipaddress> collector-port<port number> Please make sure that you restart management services after enabling the CTA services. 13
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 11: Enable Security Event logging on Active Directory This completes the configuration. 14
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Determine NetBIOS Name, FQDN and Search DN On the ADS server:  Go to Start>Programs > Administrative Tools > Active Directory Users and Computers  Right Click the required domain and go to Properties tab  Search DN will be based on the FQDN. In the given example FQDN is elitecore.com and Search DN will be DC=elitecore, DC=com Document Version: 2.0 - 15/07/2011 15

Empfohlen

How to -_implement_clientless_single_sign_on_authentication_in_single_active_...
How to -_implement_clientless_single_sign_on_authentication_in_single_active_...How to -_implement_clientless_single_sign_on_authentication_in_single_active_...
How to -_implement_clientless_single_sign_on_authentication_in_single_active_...SaNju MuLak
 
Open Mic "Notes Federated Login"
Open Mic "Notes Federated Login"Open Mic "Notes Federated Login"
Open Mic "Notes Federated Login"Ranjit Rai
 
Open mic activity logging
Open mic activity loggingOpen mic activity logging
Open mic activity loggingRanjit Rai
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Microsoft TechNet - Belgium and Luxembourg
 
Wfl
WflWfl
WflDeepankar panda
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
A Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnA Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnGabriella Davis
 
Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Microsoft TechNet - Belgium and Luxembourg
 

Empfohlen

How to -_implement_clientless_single_sign_on_authentication_in_single_active_...
How to -_implement_clientless_single_sign_on_authentication_in_single_active_...How to -_implement_clientless_single_sign_on_authentication_in_single_active_...
How to -_implement_clientless_single_sign_on_authentication_in_single_active_...SaNju MuLak
 
Open Mic "Notes Federated Login"
Open Mic "Notes Federated Login"Open Mic "Notes Federated Login"
Open Mic "Notes Federated Login"Ranjit Rai
 
Open mic activity logging
Open mic activity loggingOpen mic activity logging
Open mic activity loggingRanjit Rai
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Microsoft TechNet - Belgium and Luxembourg
 
Wfl
WflWfl
WflDeepankar panda
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
A Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnA Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnGabriella Davis
 
Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Microsoft TechNet - Belgium and Luxembourg
 
Internet Explorer 8
Internet Explorer 8Internet Explorer 8
Internet Explorer 8Eduardo Castro
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFSNatallia Makarevich
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDabelsonp
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupEPC Group
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Windows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl KullanılırWindows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl KullanılırMustafa
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Niit Care
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Vivek chan
 
ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelfServicePlus
 
Domain controller join domain
Domain controller join domainDomain controller join domain
Domain controller join domaincuongcong15
 
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...SaNju MuLak
 
group policies in windows 2008 server
group policies in windows 2008 servergroup policies in windows 2008 server
group policies in windows 2008 serverkgotthold
 
Chapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group PolicyChapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group PolicyRaja Waseem Akhtar
 
Windows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesWindows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesEduardo Castro
 
Group Policy Windows Server 2008
Group Policy Windows Server 2008Group Policy Windows Server 2008
Group Policy Windows Server 2008Unitek Eduation
 
Windows server 2012 and group policy
Windows server 2012 and group policyWindows server 2012 and group policy
Windows server 2012 and group policyRavi Kumar Lanke
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiGirish Kalamati
 
Administrators manual
Administrators manualAdministrators manual
Administrators manualScrumDesk
 
Administrators manual
Administrators manualAdministrators manual
Administrators manualScrumDesk
 
Azure hands on lab
Azure hands on labAzure hands on lab
Azure hands on labAtanas Gergiminov
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDabelsonp
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupEPC Group
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Windows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl KullanılırWindows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl KullanılırMustafa
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Niit Care
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11Vivek chan
 
ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelfServicePlus
 

Was ist angesagt? (11)

Internet Explorer 8
Internet Explorer 8Internet Explorer 8
Internet Explorer 8
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-ID
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign on
 
Windows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl KullanılırWindows Small Business Server 2011 Nasıl Kullanılır
Windows Small Business Server 2011 Nasıl Kullanılır
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
 
08 asp.net session11
08 asp.net session1108 asp.net session11
08 asp.net session11
 
ADSelf Service Password Flyer
ADSelf Service Password Flyer ADSelf Service Password Flyer
ADSelf Service Password Flyer
 

Andere mochten auch

Domain controller join domain
Domain controller join domainDomain controller join domain
Domain controller join domaincuongcong15
 
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...SaNju MuLak
 
group policies in windows 2008 server
group policies in windows 2008 servergroup policies in windows 2008 server
group policies in windows 2008 serverkgotthold
 
Chapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group PolicyChapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group PolicyRaja Waseem Akhtar
 
Windows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesWindows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesEduardo Castro
 
Group Policy Windows Server 2008
Group Policy Windows Server 2008Group Policy Windows Server 2008
Group Policy Windows Server 2008Unitek Eduation
 
Windows server 2012 and group policy
Windows server 2012 and group policyWindows server 2012 and group policy
Windows server 2012 and group policyRavi Kumar Lanke
 

Andere mochten auch (7)

Domain controller join domain
Domain controller join domainDomain controller join domain
Domain controller join domain
 
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
How to -_configure_port_forwarding_using_virtual_host_to_access_devices_on_in...
 
group policies in windows 2008 server
group policies in windows 2008 servergroup policies in windows 2008 server
group policies in windows 2008 server
 
Chapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group PolicyChapter09 Implementing And Using Group Policy
Chapter09 Implementing And Using Group Policy
 
Windows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy ChangesWindows Server 2008 R2 Group Policy Changes
Windows Server 2008 R2 Group Policy Changes
 
Group Policy Windows Server 2008
Group Policy Windows Server 2008Group Policy Windows Server 2008
Group Policy Windows Server 2008
 
Windows server 2012 and group policy
Windows server 2012 and group policyWindows server 2012 and group policy
Windows server 2012 and group policy
 

Ähnlich wie How to -_implement_clientless_single_sign_on_authentication_in_multiple_active_directory_domain

Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiGirish Kalamati
 
Administrators manual
Administrators manualAdministrators manual
Administrators manualScrumDesk
 
Administrators manual
Administrators manualAdministrators manual
Administrators manualScrumDesk
 
Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessJason Condo
 
Integrate Rational DOORS and Rational Team Concert change management
Integrate Rational DOORS and Rational Team Concert change managementIntegrate Rational DOORS and Rational Team Concert change management
Integrate Rational DOORS and Rational Team Concert change managementBill Duncan
 
SAP B1 mobile setup-sandeep rathod
SAP B1 mobile setup-sandeep rathodSAP B1 mobile setup-sandeep rathod
SAP B1 mobile setup-sandeep rathodSandeep Rathod
 
O365-AzureAD Identity management
O365-AzureAD Identity managementO365-AzureAD Identity management
O365-AzureAD Identity managementDavid Pechon
 
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docx
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docxRay’s Food Configuration ScenarioMichael BoddieAdministerin.docx
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docxmakdul
 
Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Umesh Pandit
 
AZ-500-Questions.pdf
AZ-500-Questions.pdfAZ-500-Questions.pdf
AZ-500-Questions.pdfjohnmight400
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft AzureIdentity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft AzureSparkhound Inc.
 
Windows azure active directory
Windows azure active directoryWindows azure active directory
Windows azure active directoryKrunal Trivedi
 
SecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of SecuritySecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of SecurityDinis Cruz
 
Configuration manager
Configuration managerConfiguration manager
Configuration managerRaghu nath
 
Configuration manager
Configuration managerConfiguration manager
Configuration managerRaghu nath
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfReliqusConsulting
 

Ähnlich wie How to -_implement_clientless_single_sign_on_authentication_in_multiple_active_directory_domain (20)

Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
 
Administrators manual
Administrators manualAdministrators manual
Administrators manual
 
Administrators manual
Administrators manualAdministrators manual
Administrators manual
 
Azure hands on lab
Azure hands on labAzure hands on lab
Azure hands on lab
 
Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional Access
 
Integrate Rational DOORS and Rational Team Concert change management
Integrate Rational DOORS and Rational Team Concert change managementIntegrate Rational DOORS and Rational Team Concert change management
Integrate Rational DOORS and Rational Team Concert change management
 
SAP B1 mobile setup-sandeep rathod
SAP B1 mobile setup-sandeep rathodSAP B1 mobile setup-sandeep rathod
SAP B1 mobile setup-sandeep rathod
 
Microsoft Lync Server 2010 Installation
Microsoft Lync Server 2010 InstallationMicrosoft Lync Server 2010 Installation
Microsoft Lync Server 2010 Installation
 
O365-AzureAD Identity management
O365-AzureAD Identity managementO365-AzureAD Identity management
O365-AzureAD Identity management
 
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docx
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docxRay’s Food Configuration ScenarioMichael BoddieAdministerin.docx
Ray’s Food Configuration ScenarioMichael BoddieAdministerin.docx
 
Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...
 
AZ-500-Questions.pdf
AZ-500-Questions.pdfAZ-500-Questions.pdf
AZ-500-Questions.pdf
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configuration
 
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft AzureIdentity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft Azure
 
Windows azure active directory
Windows azure active directoryWindows azure active directory
Windows azure active directory
 
SecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of SecuritySecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of Security
 
Configuration manager
Configuration managerConfiguration manager
Configuration manager
 
Configuration manager
Configuration managerConfiguration manager
Configuration manager
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
 

Kürzlich hochgeladen

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

How to -_implement_clientless_single_sign_on_authentication_in_multiple_active_directory_domain

  • 1. How To - Implement Clientless Single SignTo Authentication in MultipleClientless Domain Controller How On - Implement Active Directory Single Sign On Environment Authentication in Multiple Active Directory Domain Controller Environment Applicable to – All the versions of Windows This article describes how to implement Clientless single sign on authentication with Active Directory integration. Cyberoam – ADS integration feature allows Cyberoam to map the users and groups from Active Directory for the purpose of authentication. Prerequisites:  NetBIOS Domain name  FQDN Domain name  Search DN  Active Directory Server IP address  Administrator Username and Password (Active Directory Domain)  IP address of Cyberoam Interface connected to Active Directory server  Import AD groups  Configure Clientless SSO Configuring ADS authentication Logon to Cyberoam Web Admin Console and follow the below given steps: Step 1: Create ADS user groups. Please check Cyberoam version before you continue as this is version specific step. All Versions below 9.5.3 build 14 Go to Group> Add Group and create all the ADS user groups For mapping the ADS user groups with the Cyberoam user groups, create all the ADS user groups into Cyberoam before ADS users log on to Cyberoam for the first time. If the ADS groups are not created in Cyberoam, all the users will be assigned to the Default group of Cyberoam. If all the ADS user groups are created in Cyberoam before users log on to Cyberoam then user will be automatically created in the respective group when they log on to Cyberoam. Version 9.5.3.14 or above Instead of creating groups again in Cyberoam, you can import AD groups into Cyberoam using Import Wizard. One can import groups only after integrating and defining AD parameters into Cybeoam. If you intend to import group, skip this step. Step 2: Define Authentication parameters Go to User>Authentication Settings Select „Active Directory‟ under Configure Authentication & Integration parameters 1
  • 2. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Select Default Group. Cyberoam will create user(s) in the respective groups if groups are already created in Cyberoam otherwise user will be created in the group selected as Default group. Click Update to save the settings Step 3: Configure Cyberoam to use Active Directory Click Add to configure Active Directory parameters Specify IP address of Active Directory Specify TCP/IP port number in Port field. It is the port on which ADS server listens for the authentication requests. On Cyberoam appliance, the default port for ADS traffic is 389. If your AD server is using another port, specify port number in Port field. 2
  • 3. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Specify NetBIOS Domain name. If you do not know NetBIOS name, refer to section „Determine NetBIOS Name, FQDN and Search DN‟. Specify Active Directory Administrator Username and password Cyberoam allows implementing AD integration in two ways:  Tight Integration – With tight integration, Cyberoam synchronizes groups with AD every time the user tries to logon. Hence, even if the group of a user is changed in Cyberoam, on subsequent log in attempt, user logs on as the member of the same group as configured in Active Directory. In this case group membership of each user is as defined in the Active Directory.  Loose Integration – With loose integration, Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon. By default, users will be the member of Cyberoam default group irrespective of Active Directory group, administrator can change the group membership. Cyberoam will use authentication attribute for authenticating users with Active Directory. Click “Test Connection” to check whether Cyberoam is able to connect to the Active Directory or not. If Cyberoam is able to connect to the Active Directory, click Add to save the configuration. Step 4: Add Domain Query If Cyberoam is able to connect to the Active Directory, click Add to enter Domain name 3
  • 4. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Enter Domain name (FQDN Domain Name) Click Add and enter Search DN. Check the steps provided in section „Determine NETBIOS Name, FQDN and Search DN‟ to find the Search DN. Click OK to save the query. 4
  • 5. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Click Save to save the Domain details Step 5: Test Active Directory integration Go to Help>Downloads and click HTTP to open the HTTP client login page. Specify username and password 5
  • 6. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Username will be displayed on User>Manage Live Users page if user is able to log on to Cyberoam successfully. This completes the AD configuration. Import AD Groups If you have deployed v 9.5.3 build 14 or above, import AD groups into Cyberoam using Import Wizard before configuring for single sign on. 6
  • 7. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Clientless Single Sign on Implementation Transparent Authentication (Clientless Single Sign on) Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS). With Single Sign On authentication, user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password. Hence, eliminating the need of multiple logins and username & passwords. But, Clientless Single Sign On not only eliminates the need to remember multiple passwords – Windows and Cyberoam, it also eliminates the installation of SSO clients on each workstation. Hence, delivering high ease-of-use to end-users, higher levels of security in addition to lowering operational costs involved in client installation. Cyberoam Transparent Authentication Suite (CTAS) CTA Suite consists of CTA Agent – It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication. CTA Collector – It collects the user authentication request from multiple agents, processes the request and sends to Cyberoam for authentication. How does Cyberoam CTA Agent work? User Authentication Information Collection Process 1. User tries to log on to the Active Directory Domain Controller from any workstation in LAN. Domain Controller tries to authenticate user credentials. 2. This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time. 3. CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060 4. Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database Based on data from CTA Agent, Cyberoam queries AD server to determine group membership and based on which access is granted or denied. Users logged into a workstation directly i.e. locally but not logged into the domain will not be authenticated and are considered as “Unauthenticated” or “Guest” user. For users that are not logged into the domain, the HTTP Login screen prompting for a manual login will be displayed for further authentication. Step 6: Installing CTA Suite Download CTA Suite from www.cyberoam.com/cyberoamclients.html Extract ctas.rar and install CTA Suite on Domain controller by following the on-screen instructions. Administrative right is required to install CTA Suite. 7
  • 8. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Check for “Cyberoam Transparent Authentication Suite” tab from “Start” > “All Programs”. If installed successfully, “Cyberoam Transparent Authentication Suite” tab will be added. Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication: 8
  • 9. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 7: Configure CTA Collector from CTA Collector Tab on Primary Domain Controller 9
  • 10. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment If “logoff detection settings” is enabled and firewall is configured on the Workstation, please allow the traffic to and from Domain controller. Step 8: Configure Agent from CTA Agent Tab on Primary Domain Controller 10
  • 11. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment 11
  • 12. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 9: Configure Agent from CTA Agent Tab on Additional Domain Controller 1 12
  • 13. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Repeat step 9 for all the additional Domain Controller Step 10: Configure Cyberoam Logon to CLI Console with default password, go to Option 4 Cyberoam Console and execute following command at the prompt: corporate>cyberoam cta enable corporate>cyberoam cta collector add collector-ip <ipaddress> collector-port<port number> Please make sure that you restart management services after enabling the CTA services. 13
  • 14. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Step 11: Enable Security Event logging on Active Directory This completes the configuration. 14
  • 15. How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Determine NetBIOS Name, FQDN and Search DN On the ADS server:  Go to Start>Programs > Administrative Tools > Active Directory Users and Computers  Right Click the required domain and go to Properties tab  Search DN will be based on the FQDN. In the given example FQDN is elitecore.com and Search DN will be DC=elitecore, DC=com Document Version: 2.0 - 15/07/2011 15