Enabling Active Directory User Authentication in TPAM

14/11/13 9:18 PM

 

The TPAM appliance can utilize External Authentication Sources to permit user access to the TPAM interface for management of the appliance, as an auditor, or just as a normal user wanting to request a password or session from the system.  This article will be focused on allowing users within TPAM to access the appliance with their Active Directory credentials.

First we need to gather some information about the environment and the user(s) that need to authenticate using AD credentials.

For my test lab, below are the requirements:

Domain Name(FQDN): target.local

User Information:

First Name: John

Last Name: Smith

LoginID (sAMAccountName): JSMITH

 

1)      Log into your appliances’ /admin interface with an administrator user (default is parmaster)

2)      Move the mouse to System Status/Setting, move down to External Authentication, then click on WinAD. (The TPAM interface does not require clicking on each option, these are mouse-over activated menus, and only the final option requires a mouse click)

TPAMb1

3)      Within the WinAD Window, Click New System

4)      Enter the System Name, this is a TPAM only reference name and can be anything you want.

5)      Enter Server Address, this can be an IP, a DC FQDN, or preferably, if DNS is working properly, the FQDN of the AD Domain Name.

6)      (Optional) Change the Timeout, the default is 4 hours, maximum is 8 hours.

7)      Click Save Changes and your newly configured System Name appears in the Configured Systems.

TAMb2

At this point, TPAM has a configured external system to authenticate against, but the user account within TPAM must be configured to utilize this External Authentication source.  For this example, I will add a new user to TPAM and configure the user to login with its AD credentials.

8)      Login to your appliances’ /tpam interface with an administrator user (default is paradmin)

9)      Move the mouse to Users & Groups, move to UserIDs, and click on Add UserID.

(The TPAM interface does not require clicking on each option, these are mouse-over activated menus, and only the final option requires a mouse click)

 

TPAMb3

 

 

 

 

2)      Once in the New UserID windows, you will notice a multitude of fields available.  Note the fields with a red asterisk (*).  These fields are mandatory when creating a user within TPAM.

TPAMb4

 

3)      Fill in the User Name field, this is the TPAM User Name and does not necessarily need to be the same as the AD login id, but to cut down on confusion, it is recommended to make them the same.

4)      Fill in the users first and last name in the fields provided.

5)      Fill in any other fields desired, but are not required.

6)      Select the User Type.  The default is Basic and this is what the majority of TPAM users should be configured as.  This selector is where you can define a user as an Auditor, Administrator, etc..

7)      At the bottom of the page is where we define how this user will authenticate to TPAM.  The default is for any new user to authenticate locally to TPAM, and that is what the password fields are for.  If you enter and confirm the password in these boxes, and save the user, this user will authenticate locally to the TPAM appliance.

8)      The User Authentication section right below the Password is how you define this user to utilize the External Authentication we created earlier.

9)      On the Primary, Click on the drop down next to Local. Select WinAD.  When this is done, notice the Select a System drop down enables and the password and confirm boxes go away.

10)   Click the drop down for Select a system, and select the External Authentication that was defined earlier.

11)   In the UserID box, enter the users AD sAMAccountName or UPN (if desired).

12)   Your new user window should look similar to the image below.  Click Save Changes.

TPAMb5

 

Now you have an External Authentication source and a new user configured to utilize that source.  Now we just need to test it.

1)      Log Out of TPAM and close all browser windows

2)      Launch your browser and open the /tpam interface and Login with your new user.

3)      If everything was configured properly and Active Directory is reachable, then your new user will receive the TPAM page below: (Note the user ID in the upper right corner)

TPAMb6

Notice that this window is pretty sparse, since this was a new user created only for demoing External Authentication, it has no access to anything else in the system, but that is for another day.

 

Author: Russ Burden LeadThem Consulting Architect

 

 

 ———————————————————————————————————————————————————————————————-

 

 

 

Posted by LeadThem Consulting | in TPAM | Comments Off on Enabling Active Directory User Authentication in TPAM

Comments are closed.