Chat now with support
Chat with Support

KACE as a Service 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

View or edit user profiles

View or edit user profiles

You can view general information about your user profile, and edit some settings, when needed.

The User Profile dialog box allows every user to quickly change their password, review the devices and assets assigned to them, and any Service Desk Tickets that they created. Users with administrative-level permissions can also edit some additional parameters, such as their name, email, manager, and locale. They can also quickly go to the User Detail page to review additional information about their account, and to make any changes, as needed.

For more information about editing user accounts using the User Detail page, see the following topics:

Log in to the K1000 Administrator Console, http://K1000_hostname/admin, where K1000_hostname is the hostname of your appliance. Or, if Show organization menu in admin header is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
Log in to the K1000 System Administration Console, http://K1000_hostname/system, where K1000_hostname is the hostname of your appliance, or select System from the drop-down list in the top-right corner of the page.
Log in to the K1000 User Console, http://K1000_hostname/user, where K1000_hostname is the hostname of your appliance, or select User Console from the drop-down list in the top-right corner of the page.
The User Profile dialog box appears.
3.
Review and edit the information on the User Profile dialog box, as needed.

Tab

Option

Description

Profile

Login

The name the user types in the Login ID field on the login page.

Name

The user’s full name.

Primary Email

The user’s email address.

Manager

The user’s manager.

Locale

The locale to use for the Administrator Console and User Console for the user.

Update Password

The password the user types when logging in.

If the Organization component is enabled on your appliance, or if you want to link multiple K-Series appliances, use caution when changing the password of the admin account. Admin account passwords for the System-level, for organizations, and for linked appliances must be the same if you want to switch among them using the drop-down list in the top-right corner. The drop-down list shows only those organizations and appliances whose admin account passwords are the same.

Devices

Name

The device name.

Subtype

The Asset Subtype for this device, if one is assigned.

Primary Device

Indicates if the device is the primary device for the selected user.

Assets

Name

The asset name.

Type

The asset type.

Subtype

The Asset Subtype for this device, if one is assigned.

Service Desk Tickets

Number

The number of the Service Desk ticket the user logged.

Title

The title of the Service Desk ticket the user logged.

Status

The status of the Service Desk ticket the user logged.

4.
Optional. To access the User Detail page, in the top-left corner, click View Full Profile, and continue reviewing and editing the user profile on that page.

Using an LDAP server for user authentication

Using an LDAP server for user authentication

User authentication can be done locally, using accounts created on the K1000 appliance, or externally, using an LDAP server.

If you use external LDAP server authentication, the appliance accesses a directory service to authenticate users. This allows users to log in to the appliance Administrator Console or User Console using their domain username and password.

For information about adding user accounts to the K1000 appliance for local user authentication, see:

About the login account on your LDAP server

About the login account on your LDAP server

To set up LDAP user authentication, you need to create a login account for the K1000 appliance on your LDAP server. The K1000 uses this account to read and import user information from the LDAP server.

The account needs read-only access to the Search Base DN field on the LDAP server. The account does not need write access, because the appliance does not write to the LDAP server.

In addition, the account must have a password that never expires. Because the password never expires, make sure it is very secure. The user can change the password (that complies with the appropriate security requirements), however, the password must be updated in the K1000 appliance. You can give the account a username, such as KACE_Login, or you can attempt to connect to the LDAP server using an anonymous bind.

Configure and test LDAP user authentication

Configure and test LDAP user authentication

You can configure and test connections from the K1000 appliance to an external LDAP server.

1.
Go to the Admin-level Authentication Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Control Panel, click User Authentication.
2.
Select the LDAP Authentication option:

Option

Description

Local Authentication

Enable local authentication (the default). If local authentication is enabled, the password is authenticated against the existing entries in the local database at Settings > Users.

LDAP Authentication

Enable external user authentication using an LDAP server or Active Directory server.

If LDAP Authentication is enabled, the password is authenticated against the external LDAP server.

For assistance with authentication, contact Quest Support at https://support.quest.com/contact-support.

Button

Action

Schedule a user import for the server.

Modify the server definition. For information about the fields in this section, see Table 5.

Remove the server.

Change the order of the server in the list of servers.

4.
Optional: Click New to add an LDAP server. You can have more than one LDAP server configured.

Table 5. Server information

Option

Description

Name

The name you want to use to identify the server.

Host Name or IP Address

The IP address or the hostname of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest Support at https://support.quest.com/contact-support for assistance.

Port

The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).

Base DN

The criteria used to search for accounts.

This criteria specifies a location or container in the LDAP or Active Directory structure, and the criteria should include all the users that you want to authenticate. Enter the most specific combination of OUs, DCs, or CNs that match your criteria, ranging from left (most specific) to right (most general). For example, this path leads to the container with users that you need to authenticate:

OU=end_users,DC=company,DC=com.

NOTE: Domain Users is a special group that is not added to the memberof attribute values. For Domain Users members, use this format: (primaryGroupId=513).

Advanced Search

The search filter. For example:

(&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))

Login

The credentials of the account the K1000 uses to log in to the LDAP server to read accounts. For example:

LDAP Login:CN=service_account,CN=Users,

DC=company,DC=com.

If no username is provided, an anonymous bind is attempted. Each LDAP Label can connect to a different LDAP or Active Directory server.

Password

The password of the account the K1000 uses to log in to the LDAP server.

Role

(Required) The user’s role:

Administrator: The user can log in to and access all features of the Administrator Console and User Console.
Read Only Administrator: The user can log in, but cannot modify any settings in the Administrator Console or User Console.
User Console Only: The user can log in only to the User Console.
No Access: The user cannot log in to the Administrator Console or User Console. No Access is the default role.
6.
Click Save.
a.
Select the LDAP Authentication.
b.
Click the Edit button next to the server on which the user account you are testing is located .
c.
In the Advanced Search: box, replace KBOX_USER with the username to test. The syntax is sAMAccountName=username.
d.
Enter the user’s password in the Password for test field.
e.
Click Test.

If the test is successful, the authentication setup is complete for this user, and other users in the same LDAP container.

Related Documents