Configuring Authentication

  • 5 August 2020
  • 0 replies
  • 206 views

Userlevel 2
Badge +1

Prism Central supports user authentication. There are three authentication options:

  • Local user authentication. Users can authenticate if they have a local Prism Central account (see Managing Local User Accounts).

  • Active Directory authentication. Users can authenticate using their Active Directory (or OpenLDAP) credentials when Active Directory support is enabled for Prism Central.

  • SAML authentication. Users can authenticate through a qualified identify provider when SAML support is enabled for Prism Central. The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, ADFS as the identity provider (IDP) and Prism Central as the service provider.

Note: ADFS is the only supported IDP for Single Sign-on.

 

To configure an Active Directory authentication directory or a SAML-based identify provider and to enable client authentication, do the following:

Caution: Prism Central does not allow the use of the (not secure) SSLv2 and SSLv3 ciphers. To eliminate the possibility of an SSL Fallback situation and denied access to Prism Central, disable (uncheck) SSLv2 and SSLv3 in any browser used for access. However, TLS must be enabled (checked).

 

Procedure

  1. Click the gear icon in the main menu and then select Authentication in the Settings page.
    The Authentication Configuration window appears.

  2. To add an authentication directory, click the New Directory button.

A set of fields is displayed. Do the following in the indicated fields:

  • Directory Type: Select one of the following from the pull-down list.

    • Active Directory: Active Directory (AD) is a directory service implemented by Microsoft for Windows domain networks.Note: Users with the "User must change password at next logon" attribute enabled will not be able to authenticate to Prism Central. Ensure users with this attribute first login to a domain workstation and change their password prior to accessing Prism Central. Also, if SSL is enabled on the Active Directory server, make sure that Nutanix has access to that port (open in firewall).

    • OpenLDAP: OpenLDAP is a free, open source directory service, which uses the Lightweight Directory Access Protocol (LDAP), developed by the OpenLDAP project. Nutanix currently supports the OpenLDAP 2.4 release running on CentOS distributions only.Note: OpenLDAP is not supported for Self Service (see the Prism Self Service Administration Guide).

 

Here is the Nutanix Portal Document for the complete procedure:

https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v511:mul-security-authentication-pc-t.html#ntask_cgq_5ch_zt

 


This topic has been closed for comments