There are two ways to import user information:
1.
a. Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
NOTE: Use the LDAP Browser to specify the Search Base DN and Search Filter. See Use the LDAP Browser.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix. The label prefix is a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. Binary attributes indicate which attributes should be treated as binary for purposes of storage.
4.
5. In the drop-down list next to each attribute, select the value to use for K1000 User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used in the K1000 6.4 release. Recommended value: No Value.
6. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
7. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
8. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
9.
10.
11.
The Users page appears, and the imported users appear on the list. The imported users can access the features of the Administrator Console and User Console based on the role to which they are assigned.
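Why objectguid and objectsid are handled as binary attributes, shown as an added example (not Quest code): both arrive from the directory as raw byte strings that must be decoded by structure rather than as text. The sample entry is constructed and the function names are hypothetical.

```python
import struct
import uuid

def guid_to_str(raw: bytes) -> str:
    """objectGUID is 16 bytes; its first three fields are little-endian."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def sid_to_str(raw: bytes) -> str:
    """objectSid layout: revision (1 byte), sub-authority count (1 byte),
    48-bit big-endian authority, then 32-bit little-endian sub-authorities."""
    if len(raw) < 8:
        raise ValueError("objectSid is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("objectSid length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

# Attributes decoded by structure; everything else is treated as UTF-8 text.
DECODERS = {"objectguid": guid_to_str, "objectsid": sid_to_str}

def normalize_entry(entry: dict) -> dict:
    """Return a printable copy of one LDAP entry (attribute name -> raw bytes)."""
    out = {}
    for name, raw in entry.items():
        decode = DECODERS.get(name.lower())
        out[name] = decode(raw) if decode else raw.decode("utf-8")
    return out

# Constructed sample entry, not taken from a real directory.
SAMPLE_ENTRY = {
    "samaccountname": b"jsmith",
    "objectguid": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "objectsid": bytes.fromhex(
        "0105000000000005"                          # revision 1, 5 sub-authorities, authority 5
        "15000000e8030000d0070000b80b000051040000"  # 21, 1000, 2000, 3000, 1105
    ),
}

if __name__ == "__main__":
    for name, value in normalize_entry(SAMPLE_ENTRY).items():
        print(name, "=", value)
```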
To keep user data current, schedule regular user data imports from your LDAP server.
1.
a. Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
2. Select LDAP Authentication, then click the Schedule button next to the server name in the list of servers to schedule a user import.
The following Read Only Administrator Server Details are displayed:
If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest Support at https://support.quest.com/contact-support for assistance.
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
The criteria used to search for accounts. For example: OU=end_users,DC=company,DC=com.
The search filter. For example: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))
The password of the account the K1000 uses to log in to the LDAP server.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix. The label prefix is a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. Binary attributes indicate which attributes should be treated as binary for purposes of storage.
4.
5.
6.
Run in combination with an event rather than on a specific date or at a specific time.
Run daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM: Run on the same day every month, or a specific month, at the specified time.
7. Click Next to display the User Import: Schedule - Define mapping between User attributes and LDAP Attributes page.
8. In the drop-down list next to each attribute, select the value to use for K1000 User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used in the K1000 6.4 release. Recommended value: No Value.
9. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
10. If you want the selected role to be a default role for new roles, select the Make default check box.
11. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
12. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
13.
14.
◦ Click Back to change settings.
◦ Click Import to save the schedule and import user information immediately. The import begins, and the schedule is set to run according to the options selected in the Scheduling section.
◦ Click Finish to save the schedule without importing user information. The schedule is set to run according to the options selected in the Scheduling section.
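Added example, not part of the Quest documentation: filling the search filter shown above with a login name that is escaped per RFC 4515, so the name cannot change the filter's structure. It assumes KBOX_USERNAME is a placeholder replaced by the login name; the function names are hypothetical and the sample names are constructed.

```python
# Filter template copied from the search filter example on this page.
TEMPLATE = "(&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))"
PLACEHOLDER = "KBOX_USERNAME"  # assumption: stands for the login name

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value: str) -> str:
    """Escape one value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(username: str, template: str = TEMPLATE) -> str:
    """Substitute an escaped login name for the placeholder."""
    if not username:
        raise ValueError("login name is empty")
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("template must contain the placeholder exactly once")
    return template.replace(PLACEHOLDER, escape_filter_value(username))

def structure_preserved(result: str, template: str = TEMPLATE) -> bool:
    """True when the value added no raw parentheses or wildcards to the filter."""
    return all(result.count(c) == template.count(c) for c in "()*")

if __name__ == "__main__":
    for name in ("jsmith", "j*smith(x)"):  # constructed sample login names
        print(build_filter(name))
```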
Single sign on enables users who are logged on to the domain, or authenticated through a third party, to access the K1000 Administrator Console and User Console without having to re-enter their credentials on the K1000 login page.
Single sign on is available for:
• One domain only: If you have multiple domains, only one can be enabled for single sign on. This is true even if the Organization component is enabled on the K1000 appliance, and you have multiple organizations that are on different domains. Single sign on is a System-level configuration, and organizations cannot be configured independently for single sign on.
• Microsoft Active Directory servers: You can enable single sign on using Microsoft Active Directory servers with 2003 R2 or higher schema versions. Earlier schema versions cannot be used. If the Organization component is enabled on your appliance, the Active Directory single sign on method can be used with multiple organizations.
• Quest Identity Broker: Quest Identity Broker (QIB) is a cloud-based single sign on solution that enables users to request access to the K1000 Administrator Console or User Console using identity providers, such as your organization's Identity Provider. If the Organization component is enabled on your appliance, QIB can be enabled for the default organization only.
NOTE: Quest recommends that you access the Administrator Console using the web server name rather than the IP address. The web server name can be found on the Network Settings page. See Changing appliance network settings.