Managing Active Directory Authentication and Authorization

>What is Active Directory Authentication and Authorization?

>Updating Active Directory Users in Sentinel EMS

>Role Associations for Active Directory Users


What is Active Directory Authentication and Authorization?

Active Directory is a directory service implemented by Microsoft for Windows domain networks. An Active Directory domain controller authenticates and authorizes users in a Windows-domain network by enforcing security policies for all computers.

Using Sentinel EMS you can do the following:

>Authenticate the login account information (User ID and Password) using Active Directory. Active Directory authentication enables users to log in to Sentinel EMS if they have an account in an Active Directory domain.

>Provide role-based authorization using Active Directory. Groups are created and associated with user accounts in Active Directory. You then create roles in Sentinel EMS for these group names.

Updating Active Directory Users in Sentinel EMS

To authenticate login account information through Active Directory in Sentinel EMS, the Sentinel EMS database must first be updated with the Active Directory users.

To do so, ensure that a Sentinel EMS administrator user with an administrator role is created and aligned to the administrator created in Active Directory. The Active Directory administrator can then log in to Sentinel EMS and align other Active Directory users with their roles and privileges as required in Sentinel EMS.

Following are some important points to consider when updating Active Directory users:

>Use the Add User button in the Users page to align the Active Directory administrator and users in Sentinel EMS. For more information on how to add a user in Sentinel EMS, see Users.

>When you start typing a name in the User ID field, Sentinel EMS automatically fetches from Active Directory the user names that match the string entered. The names listed are those that exist in Active Directory but not in Sentinel EMS.

>Existing values for attributes such as Email and Expiration Date are fetched from Active Directory for the selected name.

Role Associations for Active Directory Users

Sentinel EMS provides role-based authorization using Microsoft Windows Active Directory. Groups are created and associated with user accounts in Active Directory. These group names are the roles that you create in Sentinel EMS.

To be able to use the groups in Active Directory for authorization in Sentinel EMS:

1. Create the same role name in Sentinel EMS for each group name in Active Directory. For example, if an Order Taker group exists in Active Directory, then create an Order Taker role in Sentinel EMS.

2. Add permissions to roles. For details, see Roles.
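The name check behind step 1, as an added example in Python (not part of the Sentinel EMS documentation or product): it compares a list of Active Directory group names with a list of Sentinel EMS role names and reports groups with no same-named role, roles with no same-named group, and near-misses that differ only in case or spacing. It assumes both lists were collected by hand; the function name and every sample name other than Order Taker are constructed, and treating an exact string match as required is an assumption drawn from the "same role name" wording above.

```python
import unicodedata

# Constructed sample input; only "Order Taker" comes from the page.
AD_GROUPS = ["Order Taker", "Entitlement Manager", "Auditors"]
EMS_ROLES = ["Order Taker", "entitlement  manager", "Reporting"]


def _key(name):
    # Fold Unicode form, case and whitespace runs so near-misses collide.
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def audit_role_mapping(ad_groups, ems_roles):
    """Compare AD group names with EMS role names (hypothetical helper).

    Assumption: a role only lines up with a group when the two strings
    are identical, so anything else is reported for manual review.
    """
    groups, roles = set(ad_groups), set(ems_roles)
    roles_by_key = {}
    for role in roles:
        roles_by_key.setdefault(_key(role), []).append(role)

    report = {"matched": [], "near_miss": [],
              "group_without_role": [], "role_without_group": []}
    claimed = set()  # roles accounted for by some group
    for group in sorted(groups):
        if group in roles:
            report["matched"].append(group)
            claimed.add(group)
            continue
        candidates = sorted(roles_by_key.get(_key(group), []))
        if candidates:
            # Same name apart from case or spacing: likely a typo in the role.
            report["near_miss"].append((group, candidates))
            claimed.update(candidates)
        else:
            # No same-named role exists for this group yet.
            report["group_without_role"].append(group)
    # Roles with no same-named group: review whether they are still needed.
    report["role_without_group"] = sorted(roles - claimed)
    return report


if __name__ == "__main__":
    for finding, items in audit_role_mapping(AD_GROUPS, EMS_ROLES).items():
        print(f"{finding}: {items}")
```
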

NOTE: If you roll back from LDAP authentication and authorization to Sentinel EMS Basic authentication (DB), ensure that the Sentinel EMS Admin user is assigned the Sentinel EMS Admin role. This allows the Admin user to log in to Sentinel EMS and realign other users with their roles and privileges as required.