
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500

Configure an external identity provider

Only the Administrator and the Security Administrator roles can configure an external identity provider.

Steps

  1. From the left navigation pane, select Administration > Access Control.
    The Access Control window appears.
  2. Click the Directory Settings tab.
    Data Manager Appliance displays a list of configured identity providers.
  3. Click Add.
    The Add Directory window appears.
  4. Configure the following attributes:
    Table 1. Identity provider attributes

    | Attribute | Description |
    |---|---|
    | Server Type | Select a supported identity provider type. |
    | Server Address | Type the hostname or IP address of the identity provider. A protocol prefix is not required. |
    | Secure Connection | Only a secure connection is supported on DM5500. |
    | Port | Type the port number for the identity provider. |
    | Domain | Type the domain for which this identity provider authenticates users. For example, ldap.example.com. |
    | User Name | Type a user account that has full read access to the directory. |
    | Password | Type the password for the specified user account. |
    | Group Search Attribute | Read-only field with the value userPrincipleName. |
    | Group Member Attribute | Type the attribute name that the identity provider should use to validate the group member in the hierarchy. |
    | Group Search Base | If searches should not start from the default base, type the name of a base from which searches should start. For example, if the domain is ldap.example.com, type admin to start searches from admin.ldap.example.com. Otherwise, leave this attribute empty. Only a single search base is supported. |

    Populate the default values from this table into the appropriate fields when indicated:

    Table 2. Default attribute values

    | Attribute | Value or format |
    |---|---|
    | AD over SSL | |
    | Port | For secure connections, the default port number is 636. |
    | Group Search Attribute | userPrincipleName |
    | Group Member Attribute | member |
  5. If you selected a secure connection method:
    1. Click Verify.
    2. In the Verify Certificate window, verify the details of the identity provider TLS certificate and then click Accept.
    NOTE: When you specify the LDAPS protocol, Data Manager Appliance automatically downloads the certificates required to connect to the identity provider. Once downloaded, the Certificate Validation field appears. Click Verify to compare the displayed certificate information with the expected certificate information. If the certificates match, click Accept to continue with the setup. Otherwise, click Cancel to cancel the setup.

    The prerequisites for LDAP registration with DM5500 are summarized as follows:
    1. Only a secured AD is supported in DM5500.
    2. Ensure that you create a certificate whose subject common name matches the domain controller hostname.
    3. Ensure that LDAP DNS is in sync so that LDAP authentication succeeds.
    4. Primary groups are not supported in LDAP group role mapping.
  6. Click Save.
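
A pre-flight check for the certificate prerequisite and the Verify step above, as an added example that is not part of the Dell guide or the product: it collects the "expected certificate information" independently so there is something to compare against in the Verify Certificate window. The host name dc01.ldap.example.com, the CA bundle parameter, and the choice of fields (subject CN, expiry, SHA-256 fingerprint) are assumptions; the guide does not list which fields the window displays.

```python
import hashlib
import socket
import ssl

def fetch_ldaps_cert(host, port=636, cafile=None):
    """Live step: TLS handshake with the directory server, return (parsed, DER).
    cafile is the CA bundle that issued the directory certificate (assumption)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the CN comparison is done explicitly below
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def subject_common_name(cert):
    """Extract commonName from the dict format returned by getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def expected_cert_info(cert, der, dc_hostname, now):
    """Summarise what to compare at the Verify step and list prerequisite failures."""
    cn = subject_common_name(cert)
    digest = hashlib.sha256(der).hexdigest().upper()
    info = {
        "subject_cn": cn,
        "not_after": cert.get("notAfter"),
        "sha256": ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)),
        "problems": [],
    }
    # Prerequisite 2: subject CN must match the domain controller hostname.
    if cn is None or cn.lower() != dc_hostname.lower().rstrip("."):
        info["problems"].append(f"subject CN {cn!r} does not match {dc_hostname!r}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        info["problems"].append("certificate has expired")
    return info

# Constructed sample in getpeercert() format; the DER bytes are a stand-in.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.ldap.example.com"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
SAMPLE_DER = b"constructed-der-bytes"

if __name__ == "__main__":
    print(expected_cert_info(SAMPLE_CERT, SAMPLE_DER, "dc01.ldap.example.com", now=1_700_000_000))
```

Against a real directory, pass the result of `fetch_ldaps_cert()` and `time.time()` instead of the constructed sample, and resolve every entry in `problems` before clicking Accept.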

Next steps

Data Manager Appliance supports mapping groups to roles only; mapping users to roles is not supported.

