- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Log in to PowerProtect Data Manager
- User and credential management
- Login security settings
- Authentication types and setup
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
PowerProtect Data Manager 19.10 Security Configuration Guide
Configure an external identity provider
Only the Administrator and the Security Administrator roles can configure an external identity provider.
Steps
-
From the left navigation pane, select
.
The Access Control window appears.
-
Click the
Directory Settings tab.
PowerProtect Data Manager displays a list of configured identity providers.
-
Click
Add.
The Add Directory window appears.
-
Configure the following attributes:
Table 1. Identity provider attributesIdentity provider attributes Attribute Description Server Type Select a supported identity provider type. Server Address Type the hostname or IP address of the identity provider. A protocol prefix is not required. Secure Connection Select this attribute if the identity provider uses a secure connection method such as LDAPS or AD over SSL. Selecting this attribute enables the certificate validation controls. Port Type the port number for the identity provider. Domain Type the domain for which this identity provider authenticates users. For example, ldap.example.com. User Name Type a user account that has full read access to the directory. A domain is not required. Password Type the password for the specified user account. Group Search Attribute Type the attribute name that the identity provider should use to validate the group name in the hierarchy. Group Member Attribute Type the attribute name that the identity provider should use to validate the group member in the hierarchy. Group Search Base If searches should not start from the default base, type the name of a base from which searches should start. For example, if the domain is ldap.example.com, type admin to start searches from admin.ldap.example.com. Otherwise, leave this attribute empty. Only a single search base is supported. Populate the default values from this table into the appropriate fields when indicated:
Table 2. Default attribute valuesDefault attribute values Attribute Value or format AD and AD over SSL LDAP and LDAPS Port - For unsecure connections, the default port number is 389.
- For secure connections, the default port number is 636.
Group Search Attribute sAMAccountName cn Group Member Attribute member memberUid -
If you selected a secure connection method:
- Click Verify.
- In the Verify Certificate window, verify the details of the identity provider TLS certificate and then click Accept.
NOTE When you specify the LDAPS protocol, PowerProtect Data Manager automatically downloads the certificates required to connect to the identity provider. Once downloaded, the Certificate Validation field appears. Click Verify to compare the displayed certificate information with the expected certificate information. If the certificates match, click Accept to continue with the setup. Otherwise, click Cancel to cancel the setup. - Click Save.
Next steps
Assign identity provider groups to a role. The section Add identity provider group-to-role mapping provides instructions. You cannot log in as an external user without mapping users or groups to roles.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\