Release 3.0. Delegated Admin Application Guide
|
|
- Ernest Collin Mills
- 5 years ago
- Views:
Transcription
1 Release 3.0 Delegated Admin Application Guide
2
3 Notice PingDirectory Product Documentation Copyright Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity logo, PingFederate, PingAccess, and PingOne are registered trademarks of Ping Identity Corporation ("Ping Identity"). All other trademarks or registered trademarks are the property of their respective owners. Disclaimer The information provided in these documents is provided "as is" without warranty of any kind. Ping Identity disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Ping Identity or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Ping Identity or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Support
4 PingDirectory Contents 5 Contents Chapter 1: Introduction to the Delegated Admin application... 7 Delegated Admin overview...8 Prerequisites... 8 Chapter 2: Delegated Admin installation and configuration... 9 Configuration overview Client configuration Setup in a replicated PingDirectory Server environment Install the Delegated Admin application...11 Change the application logo...12 Upgrade Delegated Admin application Install on PingDirectoryProxy Server Configure delegated administrators on the PingDirectory Server Enable the application to create users...14 Configure attributes and attribute search on PingDirectory Server Manage groups...16 Enable log tracing...17 Appendix A: Sample PingFederate configuration...19 PingFederate sample configuration Configure PingFederate as the Identity Provider...20 Configure the OAuth server Configure the Delegated Admin application and PingDirectory Server as OAuth clients...21
5 Chapter 1 Introduction to the Delegated Admin application Topics: Delegated Admin overview Prerequisites Simple account administration can be performed by a group of administrators through the Delegated Admin application. This application manages identity attributes stored in the Directory Server.
6 PingDirectory Introduction to the Delegated Admin application 8 Delegated Admin overview Many organizations need to responsibly delegate some of the responsibility of managing identities in the Directory Server to reduce some of the burden of recurring tasks, such as password resets or updating account data. These simple administrative tasks can be delegated to a subset of administrators. The Directory Server can be installed with the Delegated Admin application, which enables delegated administration of identities for scenarios such as help desk or customer service representatives (CSR) initiating a password reset and unlock; an HR administrator updating an employee profile; or an application administrator updating identity attributes. Prerequisites The Delegated Admin application manages user identity data stored in one or more Directory Servers. After a Directory Server instance is installed, the Delegated Admin application can be installed. You will need the HTTPS port that was configured during Directory Server setup. A PingFederate server is used as the identity provider for authentication and authorization. Follow the PingFederate product documentation for installation and configuration instructions. Additional information is provided here for configuration with the Directory Server and the Delegated Admin application.
7 Chapter 2 Delegated Admin installation and configuration Topics: Configuration overview Client configuration Setup in a replicated PingDirectory Server environment Install the Delegated Admin application Change the application logo Upgrade Delegated Admin application Install on PingDirectoryProxy Server Configure delegated administrators on the PingDirectory Server Enable the application to create users Configure attributes and attribute search on PingDirectory Server Manage groups Enable log tracing The Delegated Admin application relies on a previously installed PingDirectory Server and PingFederate Server. This section includes the configuration needed to support the Delegated Admin application.
8 PingDirectory Delegated Admin installation and configuration 10 Configuration overview The Delegated Admin application must have a PingDirectory Server, and PingFederate Server installed. See the documentation for each product for installation instructions. Configuration to support the Delegated Admin application on the PingDirectory Server includes: Configure administrators as Delegated Admin users. Configure attributes and attribute searching. Configuration on the PingFederate Server includes: Configure PingFederate as the identity provider for the Delegated Admin application. Configure PingFederate as the OAuth server for the Delegated Admin application. Register the Delegated Admin application as a client. Register the PingDirectory Server as an OAuth token validator. Authentication The delegated administrator logs in to the Delegated Admin application through the PingFederate Server, which is configured as the authentication server and OpenID Connect (OIDC) provider. PingFederate validates the user credentials against the PingDirectory Server, and then issues an access token. The application obtains an access token from the PingFederate server, which encapsulates information "claims" about the user identity. The Delegated Admin application then presents this token to the Directory Server in the HTTP Authorization request header. Interaction with the PingDirectory Server The PingDirectory Server is configured to accept access tokens using Access Token Validators. The values that the PingFederate Server sets for access token subject claims must be mappable to a DN in the PingDirectory Server. Setting up an access token validator for use with the Delegated Admin application requires some coordination with the server configuration. In the suggested default configuration, the access token contains the entryuuid of the administrator user entry in the sub field. This value is mapped back to a PingDirectory Server entry using an Exact Match Identity Mapper. Authorization by PingDirectory Server Once validated, the PingDirectory Server checks the Delegated Admin configuration for authorization of the delegated administrator. Users or groups of users are authorized as delegated administrators in the Directory Server Administration Console, or with the dsconfig tool. Client configuration The Delegated Admin application uses PingFederate to authenticate users within the PingDirectory Server. Before installing and configuring the Delegated Admin application, you must configure two OAuth clients within PingFederate. One client is the Delegated Admin application, which will obtain an OIDC token that describes the authenticated user. The second client is the PingDirectory Server itself, which will call PingFederate to validate the OIDC token passed from the Delegated Admin application. Specifically, the Delegated Admin OAuth client must be configured so that: The client id is "dadmin" and it requires no client secret key. The redirect URL is where SERVER:PORT are the public host and port to access the Delegated Admin installation. The grant type is Implicit. The OIDC policy uses JWT tokens, where the entryuuid of the user is passed through the subject claim of the OIDC token.
9 PingDirectory Delegated Admin installation and configuration 11 The PingDirectory Server OAuth client must be configured so that: The client ID is "pingdirectory," and it does require a secret key. The grant type is Access Token Validation. A detailed example of how PingFederate can be configured is available at the end of this guide. Setup in a replicated PingDirectory Server environment Running the Delegated Admin setup script requires special consideration in an environment that includes replicated PingDirectory Servers. If possible, setup the application after replication is enabled for the PingDirectory Servers. See the PingDirectory Server Administration Guide for details about server replication. Set up Delegated Admin in an existing replicated topology Complete the following steps if replication is already enabled for PingDirectory Servers. 1. If needed, configure the PingDirectory Servers to use a configuration group called "all-servers." This will ensure that configuration changes are applied to all servers in a topology. $ bin/dsconfig set-global-configuration-prop \ --set configuration-server-group:all-servers 2. Run the Delegated Admin setup script. See Install the Delegated Admin application. Add an additional server to a replicated topology To add an additional server to a topology containing a server already configured with the Delegated Admin application, perform the following the steps. In this example, "DS1" is the original PingDirectory Server, and "DS2" is the second server that will be added as a replica. 1. Run the config-diff command without arguments on DS1 to produce a batch file that contains configuration changes that will be applied to DS2. $ bin/config-diff > config-changes.dsconfig 2. Apply the config-changes.dsconfig file to DS2. $ bin/dsconfig --no-prompt \ --batch-file config-changes.dsconfig \ --applychangeto single-server 3. Restart DS2. 4. Enable replication between the two servers. Install the Delegated Admin application After the PingDirectory Server and the PingFederate Server have been configured, install the Delegated Admin application. Note: For systems such as Microsoft Windows that do not support bash scripts, copy the delegated-admintemplate.dsconfig file and replace variables (${variable}) with actual values.
10 PingDirectory Delegated Admin installation and configuration 12 If installing the Delegated Admin application on a PingDirectory Server that had "install with sample data" chosen as an installation option, the following ACI must be removed from the PingDirectory Server base DN: (targetattr!="userpassword")(version 3.0; acl "Allow anonymous read access for anyone"; allow (read,search,compare) userdn="ldap:/// anyone" 1. Download and unzip the Delegated Admin application package to a location on the PingDirectory Server. 2. Copy the Delegated Admin delegator folder and its contents into the PingDirectory Server's webapps directory. 3. On Windows systems only, in the Delegated Admin application directory, copy or rename the example.config.js file to config.js. 4. On Windows systems only, in an editor, open the config.js and change the values for the variables according to the local setup. The file contains comments and placeholders for necessary information. Save the changes. The client ID needed in this file is the one defined for the PingFederate configuration. In this file, it is the client intended for token issuance, such as dadmin. 5. On non-windows systems, in the PingDirectory Server /webapps/delegator directory, run the following script to generate a dsconfig batch file. The script generates the config.js file and the dsconfig batch file. $./set-up-delegator.sh 6. Apply the commands in the generated batch file to the PingDirectory Server. If installing in a replicated topology, add the --applychangeto server-group argument. $./bin/dsconfig \ --binddn "cn=directory Manager" \ --no-prompt \ --batch-file webapps/delegator/delegated-admin.dsconfig -w directorypassword 7. Go to to log in to the application. By default, the application has an idle session timeout value of 30 minutes. If necessary, adjust this value in the config.js file. Change the application logo The Ping logo can be changed to your corporate logo by adding the following line to the config.jsfile: window.header_bar_logo = '<filename>'; The logo filetypes supported include, but are not limited to,.jpg,.png, and.svg. Within the application, logo images will be resized to a height of 22px and a maximum width of 150px in order to maintain aspect ratio. Add the logo with the same filename you specified to the build directory. This will display the custom image in the header and make the Ping logo in the sidebar grayscale with a "Powered by" line above it. Upgrade Delegated Admin application If upgrading the Delegated Admin application from a previous version, unzip the new zip file and copy the delegator folder into the PingDirectory Server webapps folder, merging with the previous files and removing any files no longer in the new zip file. Make sure that the config.js file (which was customized during the first installation) is still present.
11 PingDirectory Delegated Admin installation and configuration 13 To enable the application to create users in the PingDirectory Server, run the following command on the PingDirectory Server: $ bin/dsconfig create-delegated-admin-attribute \ --attribute-type sn \ --set "display-name:last Name" This version of the Delegated Admin application requires PingDirectory Server, version 7.2. Install on PingDirectoryProxy Server The Delegated Admin application can be installed on PingDirectoryProxy Server instances using the same PingDirectory Server installation instructions and setup script. Although it is not necessary to run the Delegated Admin application on the PingDirectory Server instances behind PingDirectoryProxy Server, all of the PingDirectory Server instances must have the following configuration elements exactly as they are configured on PingDirectoryProxy Server: The "Delegated Admin Privilege" virtual-attribute. The global ACI "Authenticated access to the multi-update extended request for the Delegated Admin API." The global ACI "Authenticated access to the no-op request control for the Delegated Admin API." The following configuration elements are not needed on the PingDirectory Server instances behind PingDirectoryProxy Server: The "Delegator" web-application-extension. The "PingFederateValidator" access-token-validator. The delegated-admin-resource-type, including all referenced delegated-administrator and delegated-group-administrator definitions. These sections must be removed from the script before the script is run on the backend PingDirectory Server instances. Configure delegated administrators on the PingDirectory Server To use the Delegated Admin application, an administrator must have more than valid credentials and an access token successfully validated by the PingDirectory Server. The administrator must be designated through the Directory Server configuration. To delegate users or groups as administrators, use the PingDirectory Server Administrative Console (Delegated Admin Resource Types), or the dsconfig create-delegated-administrator command. The following sample commands illustrate configuration options for delegated administration, and are performed on the PingDirectory Server. Note: Delegated administrators who only manage users in specified groups cannot create new users. The new user cannot currently be assigned to one of the specified groups when created. Also, administrators who only manage specific subtrees cannot create users in any organization that is not under (or the same as) one of the subtrees. The following command restricts an administrator to manage specified subtrees: $ bin/dsconfig create-delegated-administrator \ --administrator-name admin1 \ --set "admin-user-dn:uid=admin1,ou=people,dc=example,dc=com" \ --set admin-scope:manages-specific-subtrees \ --set "managed-subtree:ou=org1,dc=example,dc=com" \ --set enabled:true
12 PingDirectory Delegated Admin installation and configuration 14 An administrator could be restricted to manage the member users of one or more specified groups. The following example assumes the existence of a static or dynamic group entry whose members include the users to be managed. $ bin/dsconfig create-delegated-administrator \ --administrator-name admin1 \ --set "admin-user-dn:uid=admin1,ou=people,dc=example,dc=com" \ --set admin-scope:manages-users-in-specific-groups \ --set "managed-users-in-group:cn=user Group,dc=example,dc=com" \ --set enabled:true Rather than delegate a single user as an administrator, it may be more convenient to delegate an entire group of users as administrators: $ bin/dsconfig create-delegated-administrator \ --administrator-name admin-group1 \ --set "admin-group-dn:cn=admin Group,ou=people,dc=example,dc=com" \ --set admin-scope:manages-all-entries \ --set enabled:true In this example, groups can be configured to use manage specific subtrees or groups with the managesspecific-subtrees or manages-users-in-specific-groups settings for the admin-scope. For more information about PingDirectory Server administrators and configuring dynamic and static groups, see the PingDirectory Server Administration Guide. Enable the application to create users Creation of new users is enabled in the Delegated Admin application by configuring organizations where the new users will be located. The entries referenced by the organization DNs must exist in the PingDirectory Server. The organization entries can be created using ldapmodify, if necessary. See the PingDirectory Server Administration Guide for information about the ldapmodify tool, or the commandline help. Note: The Delegated Admin application cannot list organizations where the delegated administrator would not be able to manage user entries. Delegated administrators who only manage users in specified groups cannot create new users at all. The new user cannot currently be assigned to one of the specified groups when created. Also, administrators who only manage specific subtrees cannot create users in any organization that is not under (or the same as) one of the subtrees. The following example specifies a single location for new users on the PingDirectory Server: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set "org-entry-dn:ou=people,dc=example,dc=com" It is also possible to configure multiple organizations. In this case, the Delegated Admin application will give the administrator a choice of location for each new user created. The following example specifies two locations for new users on the PingDirectory Server: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set "org-entry-dn:ou=org1,dc=example,dc=com" \ --set "org-entry-dn:ou=org2,dc=example,dc=com" Another way of configuring organizations to be available to the Delegated Admin application is to identify them using an LDAP search filter. The following example indicates that any organizationalunit entry below the search base is an allowed location for users to be created: $ bin/dsconfig set-delegated-admin-resource-type-prop \
13 PingDirectory Delegated Admin installation and configuration 15 --set "org-search-filter:(objectclass=organizationalunit)" The default title attribute for organizations is ou to work with organizationalunit entries. This can be changed as follows to work with organization objectclass entries instead: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set org-title-attribute-type:o The attribute "o" is the only required attribute for entries with objectclass organization, and is the attribute used to identify those entries. By default, new entries are named by their server-generated entryuuid value. This behavior can be changed by configuring the LDAP RDN attribute. The RDN attribute type must also be configured as a Delegated Admin attribute (See Create Delegated Admin attribute). Read-only attributes must not be set as the RDN attribute.in the following example, uid is used to name new entries and becomes a required attribute: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set create-rdn-attribute-type:uid New users are always created with their configured structural LDAP objectclass. One or more auxiliary LDAP objectclasses can be specified, like the following: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set auxiliary-ldap-objectclass:ubidpersonaux Existing users that do not have all of the specified auxiliary objectclasses will be updated with the missing objectclasses when those users are edited. Configure attributes and attribute search on PingDirectory Server The file used to install the Delegated Admin application specifies the object class of user entries through structural-ldap-objectclass:inetorgperson, and specifies a number of user attributes to be exposed by the application. 1. If needed, the attribute designated as the primary display attribute can be changed. $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set primary-display-attribute-type:mail 2. Configure any additional user attributes to display in the Delegated Admin application by specifying the LDAP attribute type to be exposed and providing a display name for it. $ bin/dsconfig create-delegated-admin-attribute \ --attribute-type customattr --set "display-name:my custom attribute" 3. When search text is entered in the application, the attributes to be searched in the PingDirectory Server are specified by the search-filter-pattern property. The PingDirectory Server must have appropriate attribute indices defined to satisfy the query. Use the following command to set the search filter. $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set 'search-filter-pattern:( (cn=*%%*)(mail=%%*)(uid=%%*))'
14 PingDirectory Delegated Admin installation and configuration To manage users where the profiles have a large number of attributes, the attributes can be placed into logical groupings, called attribute categories, and given a specified display order. The following commands create attribute categories and specify their display order: $ bin/dsconfig create-delegated-admin-attribute-category \ --display-name "Basic Information" \ --set display-order-index:1 $ bin/dsconfig create-delegated-admin-attribute-category \ --display-name "Contact Information" \ --set display-order-index:2 $ bin/dsconfig create-delegated-admin-attribute-category \ --display-name "Other Attributes" \ --set display-order-index:3 5. The following sample commands assign attributes to a category, and specify the display order of each attribute within its category. Any attributes not assigned to a category are displayed by the application in a miscellaneous category. $ bin/dsconfig set-delegated-admin-attribute-prop \ --attribute-type cn \ --set "attribute-category:basic Information" \ --set display-order-index:1 $ bin/dsconfig set-delegated-admin-attribute-prop \ --attribute-type sn \ --set "attribute-category:basic Information" \ --set display-order-index:2 Manage groups Group administrators can be configured to manage the membership of static groups that exist in the PingDirectory Server. The Delegated Admin application cannot create or delete these groups. Use the following command to delegate a user as a group administrator: $ bin/dsconfig create-delegated-group-administrator \ --administrator-name group-admin1 --set enabled:true \ --set "admin-user-dn:uid=admin1,ou=people,dc=example,dc=com" \ --set user-scope:users-in-specific-subtrees \ --set "user-subtree:ou=org1,dc=example,dc=com" \ --set "manage-membership-of-group:cn=employees,dc=example,dc=com" \ --set "manage-membership-of-group:cn=contractors,dc=example,dc=com" The user scope determines which users are visible to this group administrator. In this example, all users in the subtree ou=org1,dc=example,dc=com are visible. An administrator can be configured as both a delegated administrator able to edit users, and also a delegated group administrator to manage group membership and view users. The group administrator is able to view, and add or remove any of the users within the user-scope to the membership of groups specified by manage-membership-of-group. Static groups can be nested. Users belonging indirectly to a group through nesting, are visible as group members but cannot be removed. Users can only be removed from the group in which they are a member. For example, an Employees group may include a Developers group as a nested member. A user in the Developers group is a direct member of that group, and is also an indirect
15 PingDirectory Delegated Admin installation and configuration 17 member of Employees. This member can only be removed when viewing the Developers group, not when viewing the Employees group. If manage-membership-of-group references a dynamic group or virtual static group, rather than a static group, then that group and its members will be visible, but the group membership cannot be modified. Set group attributes The default settings for group attributes specify cn and description as group attributes, with cn used for the group title in the Delegated Admin application. The equivalent commands to create the default settings are: $ bin/dsconfig create-delegated-admin-group-attribute \ --attribute-type cn \ --set "display-name:name" $ bin/dsconfig dsconfig create-delegated-admin-group-attribute \ --attribute-type description \ --set "display-name:description" $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set group-title-attribute-type:cn Set group search filter When entering search text to search for groups, the attributes to be searched in the PingDirectory Server are specified by the group-search-filter-pattern property. The PingDirectory Server must have appropriate attribute indices defined to satisfy the query. The default setting searches the cn attribute for the search text (represented by % %). Use the following command to set the group search filter: $ bin/dsconfig set-delegated-admin-resource-type-prop \ --set 'group-search-filter-pattern:(cn=*%%*)' Enable log tracing Log tracing can be enabled for OAuth token processing, HTTP request and response actions, and API debugging. To see OAuth token processing and full HTTP request/response tracing, enable the debug trace logger as follows: $ bin/dsconfig set-log-publisher-prop \ --publisher-name 'Debug Trace Logger' \ --set enabled:true To enable dadmin API debug logging, use the following commands: $ bin/dsconfig create-debug-target \ --publisher-name 'File-Based Debug Logger' \ --target-name com.unboundid.directory.server.http \ --set debug-level:verbose $ bin/dsconfig create-debug-target \ --publisher-name 'File-Based Debug Logger' \ --target-name com.unboundid.directory.server.extensions.dadmin \
16 PingDirectory Delegated Admin installation and configuration 18 --set debug-level:verbose $ bin/dsconfig create-debug-target \ --publisher-name 'File-Based Debug Logger' \ --target-name com.unboundid.directory.broker.api \ --set debug-level:verbose $ bin/dsconfig set-log-publisher-prop \ --publisher-name 'File-Based Debug Logger' \ --set enabled:true
17 Appendix A Sample PingFederate configuration Topics: PingFederate sample configuration PingFederate offers many configuration options. This section provides a sample configuration that can be used to support the Delegated Admin application.
18 PingDirectory Sample PingFederate configuration 20 PingFederate sample configuration The following is a sample PingFederate configuration. Minimal support for the Delegated Admin applications includes configuring PingFederate to use the HTML Form Adapter to authenticate users for the Delegated Admin application, and configuring PingFederate to identify an authenticated user through the user s entryuuid, which is mapped to the subject of the OIDC token. Configure PingFederate as the Identity Provider This procedure configures the PingFederate Server as the identity provider for PingDirectory Server. Note: Before starting, download the LDAPS certificate from PingDirectory Server. All other steps are performed on the PingFederate server. See the PingDirectory Server Administration Guide for details. 1. Add roles for OAuth and OIDC and Identity Provider under Server Configuration > Server Settings > Roles and Protocols. 2. Upload the PingDirectory Server LDAPS certificate in Server Configuration > Trusted CAs. 3. Add an LDAP data store in Server Configuration > Data Stores. Specify: a) The PingDirectory Server hostname and LDAPS port. b) Select Use LDAPS. c) Under Advanced, clear the Verify LDAPS hostname option. 4. Create the HTML form IdP Adapter and Password Credential Validator that is used to authenticate users against PingDirectory Server: a) Select Identity Provider > Adapters > Create New Instance. b) Select the HTML Form type. c) Scroll to bottom, and click Manage Password Credential Validators. d) Select Create New Instance. e) Select the LDAP Username Password Credential Validator. f) To use either address or username to log in, enter the following search filter: ( (uid=${username})(mail=${username})) g) Extend the contract with "entryuuid" and "cn". These are used later. h) Click Next and Save until the Create Adapter Instance screen. i) Add a new row to Password Credential Validators, and choose the new LDAP Password Credential Validator. j) Extend the contract with "entryuuid" and "cn". These are used later. k) Check "entryuuid" for pseudonym, and Save. 5. Enable session tracking in Identity Provider > Sessions, and select the Track adapter session for logout and Enable authentication sessions for all sources options. 6. Click Save. Configure the OAuth server 1. Click IdP Adapter Mapping, and add the new IdP adapter for creating OAuth grants. An additional attribute source is not needed. Fulfill the contract with the USER_KEY from Adapter "entryuuid" and USER_NAME from Adapter "cn", and click Save. 2. Click Access Token Management > Create New Instance, or select an existing instance. In this step, JSON Web Tokens are configured as an example: a) Select JSON Web Tokens. b) Choose one-way encryption for JWT, which only requires a symmetric key (not a certificate and private key). This requires the client to validate the token by hitting the validation endpoint on the server. c) Add a row to symmetric keys and use 32 bytes or 64 chars of hex. d) Choose the JWS Algorithm HMAC using SHA-256. e) Choose your symmetric key for Active Symmetric Key ID, and click Next.
19 PingDirectory Sample PingFederate configuration 21 f) Check all options. g) List at least one attribute to be defined in the access token. Add sub, and click Save. 3. Click Access Token Mapping and map the access token attributes from the persistent grant. a) Choose Default Context and the new Access Token Manager. b) Map the sub claim from the USER_KEY of the persistent grant, which is mapped from the entryuuid. 4. Click OpenID Connect Policy Management > Add Policy. a) Choose the previously created Access Token Manager. b) Delete all of the extended contract attributes, except sub. Other scopes defined, if configured. c) Click Next to reach Contract Fulfillment. d) Fulfill the OIDC contract sub with the Access Token attribute sub. e) If a default OIDC policy is not already defined, set this new policy as the default, and click Save. 5. Add scopes for PingDirectory Server APIs. a) Click Scope Management > Exclusive Scopes. b) Add a value and description for urn:pingidentity:directory-delegated-admin. c) Click Save. Configure the Delegated Admin application and PingDirectory Server as OAuth clients The following steps configure PingDirectory Server as the token validator, and the Delegated Admin application as a new client. 1. Click Create new client, and set the client ID and name as "pingdirectory." a) Use client secret for authentication and generate a new secret. Copy the key. b) Check Access Token Validation under Allowed Grant Types, and click Save. When creating a PingFederate Access Token Validator in PingDirectory Server, use the pingdirectory client ID and secret. An Identity Mapper in will also be used in the PingDirectory Server that will take the sub claim and match it against the entryuuid attribute. 2. Click Create new client, and set the client ID and name as dadmin. a) Do not configure authentication. b) Define the redirect URI as " with the host and port of the PingDirectory Server. c) Check Bypass Authorization Approval, and choose the Implicit Grant type. d) Check Allow Exclusive Scopes and check urn:pingidentity:directory-delegated-admin. e) Check Implicit grant type. f) Choose the OIDC policy previously created, and click Save. g) Add " to the CORS origins under OAuth Server > Authorization Server Settings > Cross-Origin Settings.
20 PingDirectory Index 23 Index A attribute configuration 15 B bypass-acl priviledge 11 S search filter 16 U upgrade 12 C change application logo 12 create users 14 D dadmin logging 17 Delegated Admin application configure attributes 15 installation 11 overview 8 prerequisites to install 8 delegated-admin-cfg.dsconfig 8, 11 Directory Server HTTP port 8 document copyright 3 G groups 16 I Identity Provider configuration 20 idle session timeout 11 L LDAPS certificate 20 logo, application branding 12 log traces 17 O OAuth client configuration 21 OAuth server configuration 20 P PingDirectoryProxy Server install 13 PingFederate, as identity provider 8 PingFederate configuration 20 R replicated environment 11
Release Delegated Admin Application Guide
Release 3.2.0 Delegated Admin Application Guide Notice PingDirectory Product Documentation Copyright 2004-2019 Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity
More informationCoreBlox Integration Kit. Version 2.2. User Guide
CoreBlox Integration Kit Version 2.2 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate CoreBlox Integration Kit User Guide Version 2.2 November, 2015 Ping Identity Corporation
More informationCoreBlox Token Translator. Version 1.0. User Guide
CoreBlox Token Translator Version 1.0 User Guide 2014 Ping Identity Corporation. All rights reserved. PingFederate CoreBlox Token Translator User Guide Version 1.0 April, 2014 Ping Identity Corporation
More informationBox Connector. Version 2.0. User Guide
Box Connector Version 2.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate Box Connector User Guide Version 2.0 March, 2016 Ping Identity Corporation 1001 17th Street, Suite
More informationZendesk Connector. Version 2.0. User Guide
Zendesk Connector Version 2.0 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate Zendesk Connector Quick Connection Guide Version 2.0 November, 2015 Ping Identity Corporation
More informationServer 8.3. PingFederate CORS Support
Server 8.3 PingFederate CORS Support Copyright 1 2017 Ping Identity Corporation. All rights reserved. PingFederate CORS Support April 18, 2017 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationWeb Access Management Token Translator. Version 2.0. User Guide
Web Access Management Token Translator Version 2.0 User Guide 2014 Ping Identity Corporation. All rights reserved. PingFederate Web Access Management Token Translator User Guide Version 2.0 August, 2014
More informationDropbox Connector. Version 2.0. User Guide
Dropbox Connector Version 2.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate Dropbox Connector User Guide Version 2.0 February, 2016 Ping Identity Corporation 1001 17th Street,
More informationSlack Connector. Version 2.0. User Guide
Slack Connector Version 2.0 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate Slack Connector User Guide Version 2.0 December, 2015 Ping Identity Corporation 1001 17th Street,
More informationQuick Connection Guide
ServiceNow Connector Version 1.0 Quick Connection Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate ServiceNow Connector Quick Connection Guide Version 1.0 August, 2015 Ping Identity
More informationOpenID Cloud Identity Connector. Version 1.3.x. User Guide
OpenID Cloud Identity Connector Version 1.3.x User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate OpenID Cloud Identity Connector User Guide Version 1.3.x January, 2016 Ping Identity
More informationQuick Connection Guide
Amazon Web Services Connector Version 1.0 Quick Connection Guide 2004-2013 Ping Identity Corporation. All rights reserved. PingFederate Amazon Web Services Connector Quick Connection Guide Version 1.0
More informationUpgrade Utility. Version 7.3. User Guide
Upgrade Utility Version 7.3 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate Upgrade Utility User Guide Version 7.3 January, 2015 Ping Identity Corporation 1001 17 th Street,
More informationCopyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4.
Server 4.3 Copyright 1 Copyright 2017 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4.3 June, 2017 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationQuick Connection Guide
WebEx Connector Version 1.0.1 Quick Connection Guide 2014 Ping Identity Corporation. All rights reserved. PingFederate WebEx Connector Quick Connection Guide Version 1.0.1 March, 2014 Ping Identity Corporation
More informationWebSphere Integration Kit. Version User Guide
WebSphere Integration Kit Version 2.1.1 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate WebSphere User Guide Version 2.1.1 December, 2012 Ping Identity Corporation 1001 17th
More informationWebEx Connector. Version 2.0. User Guide
WebEx Connector Version 2.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate WebEx Connector User Guide Version 2.0 May, 2016 Ping Identity Corporation 1001 17th Street, Suite
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationCSP PARTNER APPLICATION OVERVIEW Multi-tenant application model
CSP PARTNER APPLICATION OVERVIEW Multi-tenant application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep
More informationOAM Integration Kit. Version 3.0. User Guide
OAM Integration Kit Version 3.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate OAM Integration Kit User Guide Version 3.0 May, 2016 Ping Identity Corporation 1001 17th Street,
More informationCopyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.
Server 5.0 Copyright 1 Copyright 2018 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.0 February, 2018 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationNimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]
Nimsoft Service Desk Single Sign-On Configuration Guide [assign the version number for your book] Legal Notices Copyright 2012, CA. All rights reserved. Warranty The material contained in this document
More informationSSO Integration Overview
SSO Integration Overview 2006-2014 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 7.2 June, 2014 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationOne Identity Starling Two-Factor Desktop Login 1.0. Administration Guide
One Identity Starling Two-Factor Desktop Login 1.0 Administration Guide Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
More informationVersion 7.x. Quick-Start Guide
Version 7.x Quick-Start Guide 2005-2013 Ping Identity Corporation. All rights reserved. PingFederate Quick-Start Guide Version 7.x September, 2013 Ping Identity Corporation 1001 17th Street, Suite 100
More informationRSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013
Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate
More informationCisco Expressway Authenticating Accounts Using LDAP
Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide Cisco Expressway X8.5 December 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration 4
More informationOctober J. Polycom Cloud Services Portal
October 2018 3725-42461-001J Polycom Cloud Services Portal Copyright 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or
More informationAuthenticating Cisco VCS accounts using LDAP
Authenticating Cisco VCS accounts using LDAP Cisco TelePresence Deployment Guide Cisco VCS X6 D14526.04 February 2011 Contents Contents Document revision history... 3 Introduction... 4 Usage... 4 Cisco
More informationCisco TelePresence Authenticating Cisco VCS Accounts Using LDAP
Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide Cisco VCS X8.2 D14465.07 June 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration
More informationSetting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.8 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate
SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Workflow, page 5 Reconfigure OpenAM SSO to SAML SSO After an Upgrade, page 9 Prerequisites NTP Setup In SAML SSO, Network Time Protocol (NTP) enables clock
More informationQuick Connection Guide
Egnyte Connector Version 1.0 Quick Connection Guide 2015 Ping I dentity Corporation. A ll rights reserved. PingFederate Egnyte Connector Quick Connection Guide Version 1.0 February, 2015 Ping Identity
More informationIWA Integration Kit. Version 3.1. User Guide
IWA Integration Kit Version 3.1 User Guide 2013 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.1 June, 2013 Ping Identity Corporation 1001 17th Street,
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationCA GovernanceMinder. CA IdentityMinder Integration Guide
CA GovernanceMinder CA IdentityMinder Integration Guide 12.6.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationHYCU SCOM Management Pack for F5 BIG-IP
USER GUIDE HYCU SCOM Management Pack for F5 BIG-IP Product version: 5.5 Product release date: August 2018 Document edition: First Legal notices Copyright notice 2015-2018 HYCU. All rights reserved. This
More informationCisco Meeting Management
Cisco Meeting Management Cisco Meeting Management 1.1 User Guide for Administrators September 19, 2018 Cisco Systems, Inc. www.cisco.com Contents 1 Introduction 4 1.1 The software 4 2 Deployment overview
More informationStorageGRID Webscale NAS Bridge Management API Guide
StorageGRID Webscale NAS Bridge 2.0.3 Management API Guide January 2018 215-12414_B0 doccomments@netapp.com Table of Contents 3 Contents Understanding the NAS Bridge management API... 4 RESTful web services
More informationOne Identity Starling Two-Factor HTTP Module 2.1. Administration Guide
One Identity Starling Two-Factor HTTP Module 2.1 Administration Guide Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
More informationRelease 7.0. Server Administration Guide
Release 7.0 Server Administration Guide PingDataGovernance Server Product Documentation Copyright 2004-2018 Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity logo,
More informationCisco IOS HTTP Services Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationOne Identity Manager Administration Guide for Connecting to SharePoint
One Identity Manager 8.0.2 Administration Guide for Connecting to Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
More information.NET Integration Kit. Version User Guide
.NET Integration Kit Version 2.5.1 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate.NET Integration Kit User Guide Version 2.5.1 December, 2012 Ping Identity Corporation 1001
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationCopyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess manuals. Version 4.1.3
Server 4.1.3 Copyright 1 Copyright 2005-2016 Ping Identity Corporation. All rights reserved. PingAccess manuals Version 4.1.3 November, 2016 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,
More informationAAA LDAP Configuration Guide, Cisco IOS Release 15M&T
First Published: November 28, 2012 Last Modified: March 08, 2013 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
More informationCA IdentityMinder. Glossary
CA IdentityMinder Glossary 12.6.3 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational
More informationOne Identity Manager 8.0. Administration Guide for Connecting to Azure Active Directory
One Identity Manager 8.0 Administration Guide for Connecting to Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationpenelope case management software AUTHENTICATION GUIDE v4.4 and higher
penelope case management software AUTHENTICATION GUIDE v4.4 and higher Last modified: August 9, 2016 TABLE OF CONTENTS Authentication: The basics... 4 About authentication... 4 SSO authentication... 4
More informationCA SiteMinder Web Access Manager. Configuring SiteMinder Single Sign On for Microsoft SharePoint 2007 Using Forms-based Authentication
CA SiteMinder Web Access Manager Configuring SiteMinder Single Sign On for Microsoft SharePoint 2007 Using Forms-based Authentication This documentation and any related computer software help programs
More informationCloud Access Manager How to Configure Microsoft SharePoint
Cloud Access Manager 8.1.3 How to Configure Microsoft SharePoint Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationTIBCO Spotfire Automation Services
Software Release 7.11 LTS November 2017 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationAPI Gateway. Version 7.5.1
O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part
More informationOne Identity Manager Administration Guide for Connecting Oracle E-Business Suite
One Identity Manager 8.0.2 Administration Guide for Connecting Oracle E- Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
More informationRECOMMENDED DEPLOYMENT PRACTICES. The F5 and Okta Solution for High Security SSO
July 2017 Contents Introduction...3 The Integrated Solution...3 Prerequisites...4 Configuration...4 Set up BIG-IP APM to be a SAML IdP...4 Create a self-signed certificate for signing SAML assertions...4
More informationNovell Access Manager
Quick Start AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP2 June 11, 2010 www.novell.com Novell Access Manager 3.1 SP2 Quick Start Legal Notices Novell, Inc., makes no representations or warranties
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for SonicWALL Secure Remote Access All information herein is either public information or is
More informationOne Identity Manager 8.0. Administration Guide for Connecting to Cloud Applications
One Identity Manager 8.0 Administration Guide for Connecting to Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8
RSA SECURID ACCESS Implementation Guide PingIdentity John Sammon & Gina Salvalzo, RSA Partner Engineering Last Modified: February 27 th, 2018 Solution Summary Ping Identity
More informationNNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6
NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
More informationThe Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide
The Privileged Appliance and Modules (TPAM) 1.0 Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in
More informationHYCU SCOM Management Pack for F5 BIG-IP
USER GUIDE HYCU SCOM Management Pack for F5 BIG-IP Product version: 5.6 Product release date: November 2018 Document edition: First Legal notices Copyright notice 2015-2018 HYCU. All rights reserved. This
More informationDell Secure Mobile Access Connect Tunnel Service User Guide
Dell Secure Mobile Access 11.4 Connect Tunnel Service 2016 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationQuest Collaboration Services 3.6. Installation Guide
Quest Collaboration Services 3.6 Installation Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for RadiantOne Cloud Federation Service (CFS) All information herein is either public information
More informationBMC FootPrints 12 Integration with Remote Support
BMC FootPrints 12 Integration with Remote Support 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks are
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationMultifactor Authentication Installation and Configuration Guide
Multifactor Authentication Installation and Configuration Guide Software Version 5.0.0.0 General Information: info@cionsystems.com Online Support: support@cionsystems.com 2017 CionSystems Inc. ALL RIGHTS
More informationPerceptive Data Transfer
Perceptive Data Transfer Installation and Setup Guide Version: 6.5.x Written by: Product Knowledge, R&D Date: May 2017 2017 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International,
More informationOne Identity Quick Connect for Base Systems 2.4. Administrator Guide
One Identity Quick Connect for Base Systems 2.4 Administrator Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationCA Mobile Device Management Configure Access Control for Using Exchange PowerShell cmdlets
CA Mobile Device Management Configure Access Control for Email Using Exchange PowerShell cmdlets This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter
More informationQuantum Policy Suite Subscriber Services Portal 2.9 Interface Guide for Managers
Quantum Policy Suite Subscriber Services Portal 2.9 Interface Guide for Managers Version 5.5 August 31, 2013 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone
More informationOne Identity Manager 8.0. Administration Guide for Connecting to a Universal Cloud Interface
One Identity Manager 8.0 Administration Guide for Connecting to a Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software
More informationRelease Server Administration Guide
Release 7.0.1 Server Administration Guide Notice PingDirectory Product Documentation Copyright 2004-2018 Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity logo,
More informationSafeNet Authentication Manager
SafeNet Authentication Manager Integration Guide Using SafeNet Authentication Manager as an Identity Provider for F5 BIG- IP Access Policy Manager All information herein is either public information or
More informationTanium Network Quarantine User Guide
Tanium Network Quarantine User Guide Version 1.0.2 August 14, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationOne Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide
One Identity Active Roles 7.2 Azure AD and Office 365 Management Administrator Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.
More informationOne Identity Manager 8.0. Administration Guide for Connecting to LDAP
One Identity Manager 8.0 Administration Guide for Connecting to Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationAuthenticating Devices
Authenticating Devices Cisco TelePresence Deployment Guide Cisco VCS X6.1 D14819.01 May 2011 Contents Contents Document revision history... 4 Introduction... 5 Local database... 6 Configuration... 6 H.350
More informationApril Understanding Federated Single Sign-On (SSO) Process
April 2013 Understanding Federated Single Sign-On (SSO) Process Understanding Federated Single Sign-On Process (SSO) Disclaimer The following is intended to outline our general product direction. It is
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for Tableau Server All information herein is either public information or is the property of
More informationOne Identity Active Roles 7.2. Web Interface Administrator Guide
One Identity Active Roles 7.2 Web Interface Administrator Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationOne Identity Manager 8.0. Administration Guide for Connecting to Active Directory
One Identity Manager 8.0 Administration Guide for Connecting to Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationVSP16. Venafi Security Professional 16 Course 04 April 2016
VSP16 Venafi Security Professional 16 Course 04 April 2016 VSP16 Prerequisites Course intended for: IT Professionals who interact with Digital Certificates Also appropriate for: Enterprise Security Officers
More informationRSA Two Factor Authentication
RSA Two Factor Authentication Feature Description VERSION: 6.0 UPDATED: JULY 2016 Copyright Notices Copyright 2002-2016 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP Technologies
More informationAuthentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide
Authentication Services ActiveRoles Integration Pack 2.1.x Administration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.
More informationCloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01
CloudLink SecureVM Version 4.0 Administration Guide P/N 302-002-056 REV 01 Copyright 2015 EMC Corporation. All rights reserved. Published June 2015 EMC believes the information in this publication is accurate
More information