Chatta subito con l'assistenza
Chat con il supporto

KACE Systems Management Appliance 13.2 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security Manage quarantined file attachments
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Example: Using Microsoft Active Directory in Azure as a SAML Identity Provider

Example: Using Microsoft Active Directory in Azure as a SAML Identity Provider

When you use Active Directory in Azure as a SAML Identity Provider (IdP), some additional steps are required. This topic describes the process of configuring SAML with Active Directory as an IdP.

b.
Log in to https://portal.azure.com and select Azure Active Directory.
c.
Under App Registrations, create a new registration, leaving the Redirect URI settings cleared.
d.
In the newly created App Registration, on the Endpoints page, copy the contents of the Federation metadata document field.
3.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
4.
Go the SAML Settings page:
a.
On the left navigation bar, click Settings, then click SAML Configuration.
b.
On the SAML Settings page, under Security Assertion Markup Language (SAML), select the Enable SAML Service Provider check box.
5.
In the Remote Identity Provider (IdP) Settings section, specify your IdP metadata to authenticate users by completing the following steps.
a.
Click Get Metadata From IdP.
b.
In the IdP Metadata URL field that appears, enter the contents from the Federation metadata document field that you recorded in 2.d, and click Import IdP Metadata.
The Remote Identity Provider (IdP) Settings section refreshes, showing the details of your IdP configuration. The listed options specify the appliance page redirects during SAML authentication. For more information, visit https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
6.
In the Security Assertion Markup Language (SAML) section, ensure the IdP Does Not Support Passive Authentication check box is selected.
7.
In the IdP Attribute Mappings section, select the option that you want to use to grant the SAML user access to the appliance.
Use Local User Table: Relies on the user list stored locally on the appliance.
Use LDAP Lookup: Imports user information from an external LDAP server. For more information, see Using an LDAP server for user authentication.
Select Use SAML, and set the following options:
UID: http://schemas.microsoft.com/identity/claims/objectidentifier
Login: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Name: http://schemas.microsoft.com/identity/claims/displayname
Primary Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
8.
If you selected the Use SAML option, under Role Mapping, specify the following condition for the role that you want to grant to SAML-authenticated users (for example, the Administrator role):
Where <Object ID> is the object ID of the group.
9.
Optional. To view the appliance-specific SAML settings on the appliance, in the Local Service Provider (SP) Settings section, click View Metadata, and review the options that appear.
a.
In the Local Service Provider (SP) Settings section, click View Metadata
c.
d.
In the Redirect URIs section, select Web and set it to the SP Assertion Consumer Service (url) value from the SAML Settings page, under Local Service Provider (SP) Settings.
e.
In the Advanced settings, set the Logout URL field to the SP SLO Endpoint (url) value from the Local Service Provider (SP) Settings section.
f.
In Azure, click Expose an API, and click Set next to Application ID URI. Set this field to the SP Entity Identifier (uri) value from the Local Service Provider (SP) Settings section.
g.
In Azure, click Manifest, and in the editor that appears on the right, add or update the "groupMembershipClaims" attribute and set its value to "SecurityGroup" or "All".
For example: "groupMembershipClaims": "SecurityGroup",
11.
Click Save.
c.
Open the Administrator Console or User Console Welcome page.
TIP: When SAML is enabled on the appliance, click Local Sign On, and specify your user credentials.
The Administrator Console or User Console page appears.

Reviewing user sessions

Reviewing user sessions

The appliance keeps track of user sessions. You can review a list of the most recent sessions, or see all sessions for the appliance.

To allow the appliance to display the location associated with the logged-in user's public IP address, you must install a location database. See Install and configure the location database.

You can see all sessions on the Recent Sessions page. For a quick list of the latest sessions associated with your user account, use the My Recent Sessions pane. See View a list of user sessions.

Install and configure the location database

Install and configure the location database

User session details include the IP address of the currently logged-in user. This information is displayed on the Recent Sessions page. For public IP addresses you can also display the geographical location associated with a specific IP address, however this requires a location database to be installed on the appliance. You can install the MaxMind Geolocation database free of charge and display user locations for any public IP address.

MaxMind offers country and city databases. A city database is typically larger in size and takes longer to install. A country database provides only the name of the country associated with each public IP address, while a city database allows the appliance to display the city, state (if applicable), and the country.

You can periodically refresh the location database by installing an updated version. While it is possible to install multiple databases over time, the most recently installed database overwrites the contents of the previous version. For example, if a country database is already installed, and you install a city database on the appliance, the Location column on the Recent Sessions page reflects the information from the newly installed city database.

For complete information about MaxMind Geolocation databases, visit https://www.maxmind.com/.

If the Organization component is enabled on the appliance, log in to the appliance System Administration Console, https://appliance_hostname/system, or select System in the drop-down list in the top-right corner of the page, then select Settings > Control Panel.
3.
On the General Settings page that appears, in the Geolocation Lookup Database section, point to the downloaded ZIP file.
To do that, under MaxMind Geolocation Database, click Choose file and navigate to the newly downloaded file.
4.
Click Save.

Next, you can go to the Recent Sessions page and review the location data for the current user. See View a list of user sessions.

View a list of user sessions

View a list of user sessions

You can review user sessions on the appliance. Use the My Recent Sessions pane to see the latest sessions associated with your account. You can also review all sessions that are currently active on the appliance on the Recent Sessions page.

In case the appliance detects multiple sessions for the current user, the icon displays a red exclamation point.

1.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
3.
In the My Recent Sessions pane that appears, review the list of your latest user sessions.
4.
To see all sessions that are currently active on the appliance, in the My Recent Sessions pane, click View All Recent Sessions.
On the Recent Sessions page that appears, each entry displays the user name, the browser used, the operating system, IP address, the session duration, the date and time of the last activity, and any applicable actions. For users with a public IP address, if you have a location database installed, it also shows their location. See Install and configure the location database.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione