Single Sign On enables users who are logged on to the domain to access the K1000 Administrator Console and User Console without having to re-enter their credentials on the K1000 login page. As a recommendation, use Active Directory groups to simplify K1000 user authentication and administration. AD groups make it possible to target a specific set of users with their relevant roles or functions.
This procedure has been tested with Internet Explorer and Google Chrome. It contains example references (displayed in italic font) that can be altered to reflect the actual Active Directory environment.
This process takes about (or a minimum of) 30 minutes to finish, depending on the number of groups and users.
Create and configure Active Directory groups
The K1000 appliance has, by default, three LDAP Server definitions configured: Administrator Server, Read Only Administrator Server and User Server. The example corporation, called Contoso, has a dedicated Service Desk Staff for which User Authentication needs to be enabled. Create the following AD groups and add the users to these AD groups.
|LDAP Server||AD Group|
|Read Only Administrator Server||ReadOnlyAdministratorRole|
|Service Desk Staff||ServiceDeskStaffRole|
Create GPO to configure Internet Explorer security zone sites
INTERNET EXPLORER GROUP POLICY ZONE NUMBER MAPPING
|Zone Number||Zone Name|
|2||Trusted Sites Zone|
|4||Restricted Sites Zone|
Create K1000 Roles
The K1000 appliance has, by default, four system defined roles for user access: Administrator, Read Only Administrator, User Console Only and No Access. Create the following role for the Service Desk Staff, according to the procedure mentioned on page 162 of the Admin Guide (Create a Service Desk staff role).
Configure Active Directory as the Single Sign On method
Create, enable and/or configure LDAP Authentication
Follow the procedure on page 123 to configure a new LDAP Server definition with the following search filters.
|LDAP Server Name||Advanced Search|
|Read Only Administrator Server||(&(sAMAccountName=KBOX_USER)(memberOf=CN=ReadOnlyAdministratorRole,OU=Groups,OU=Department,DC=corp,DC=contoso,DC=com))|
|Service Desk Staff||(&(sAMAccountName=KBOX_USER)(memberOf=CN=ServiceDeskStaffRole,OU=Groups,OU=Department,DC=corp,DC=contoso,DC=com))|
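An offline dry run of the two search filters above, as an added example that is not part of the original procedure or of the K1000 product: it substitutes a login name for KBOX_USER and evaluates the resulting filter against constructed sample entries. The accounts alice, bob and carol and the nested group HelpdeskTeam are assumptions. The point shown is that Active Directory's memberOf attribute lists direct memberships only, so carol matches neither definition.

```python
import re

GROUPS_OU = "OU=Groups,OU=Department,DC=corp,DC=contoso,DC=com"
# Search filters from the table above; KBOX_USER stands for the login name.
FILTERS = {
    "Read Only Administrator Server":
        f"(&(sAMAccountName=KBOX_USER)(memberOf=CN=ReadOnlyAdministratorRole,{GROUPS_OU}))",
    "Service Desk Staff":
        f"(&(sAMAccountName=KBOX_USER)(memberOf=CN=ServiceDeskStaffRole,{GROUPS_OU}))",
}
# Constructed sample entries (not real accounts). HelpdeskTeam is assumed to be a
# group nested inside ServiceDeskStaffRole; memberOf lists direct groups only.
DIRECTORY = [
    {"sAMAccountName": ["alice"], "memberOf": [f"CN=ReadOnlyAdministratorRole,{GROUPS_OU}"]},
    {"sAMAccountName": ["bob"], "memberOf": [f"CN=ServiceDeskStaffRole,{GROUPS_OU}"]},
    {"sAMAccountName": ["carol"], "memberOf": [f"CN=HelpdeskTeam,{GROUPS_OU}"]},
]

def escape_value(value):
    """Escape RFC 4515 special characters so the login name is matched literally."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_and_filter(text):
    """Split the (&(attr=value)(attr=value)) form used here into (attr, value) pairs."""
    if not re.fullmatch(r"\(&(\([^()=]+=[^()]*\))+\)", text):
        raise ValueError(f"unsupported filter: {text}")
    return [(a, unescape_value(v)) for a, v in re.findall(r"\(([^()=]+)=([^()]*)\)", text)]

def entry_matches(entry, conditions):
    """Each condition must equal one of the entry's values (case-insensitive)."""
    have = {a: [v.lower() for v in vals] for a, vals in entry.items()}
    return all(want.lower() in have.get(attr, []) for attr, want in conditions)

def matching_servers(login):
    """Return the LDAP server definitions whose filter finds an entry for this login."""
    hits = []
    for server, template in FILTERS.items():
        conditions = parse_and_filter(template.replace("KBOX_USER", escape_value(login)))
        if any(entry_matches(e, conditions) for e in DIRECTORY):
            hits.append(server)
    return hits

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "*"):
        print(name, "->", matching_servers(name) or "no match")
```

With these filters, a user has to be a direct member of the role group for the corresponding LDAP Server definition to match.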
Testing the User Authentication for Single Sign On (SSO)