KACE as a Service 7.1 - Administrator Guide

Using Quest Identity Broker for single sign on

Quest Identity Broker (QIB) enables users to associate the credentials they use with third-party identity providers, such as your organization's Identity Provider or Microsoft Azure Active Directory. This association makes it possible to use a single sign on to access the Administrator Console or the User Console.

To use QIB to access the Administrator Console or User Console, users must enter the hostname of the K1000 appliance in the browser address field, then click Login with Single Sign On under the login credentials on the login page.

Configure Quest Identity Broker as the single sign on method

You can use Quest Identity Broker (QIB) to enable users to log in to the Administrator Console and User Console using credentials from third-party identity providers, such as your organization's Identity Provider and Microsoft Azure™ Active Directory.

QIB can be enabled for a single organization only. If the Organization component is enabled on your appliance, you can enable QIB for the default organization only. To use single sign on with multiple organizations, use Active Directory authentication. See Configure Active Directory as the single sign on method.

1. Go to the appliance Control Panel:
   If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2. In the Single Sign On section of the Security Settings page, select Quest Identity Broker, then provide the following information:

| Option | Description |
| --- | --- |
| Web Server Assertion Consuming Service URL | The URL associated with your K1000 appliance. This URL is created automatically during appliance configuration. To enable QIB, contact Quest Support and provide this URL to obtain the Relying Party Identifier for your appliance. IMPORTANT: If you enable or disable SSL for the appliance, this URL changes. As a result, you need to provide this URL to Quest Support and obtain a new Relying Party Identifier any time SSL settings are changed. |
| Relying Party Identifier | A unique identifier provided by Quest Support to enable QIB. This identifier determines which identity provider, such as your organization's Identity Provider or Microsoft Azure Active Directory, is used for authentication. You must provide your Web Server Assertion Consuming Service URL to Quest Support to receive this identifier. |
| Automatically approve user requests | Users requesting single sign on access are automatically granted access to the K1000 User Console if they are authenticated by the third-party identity provider. Accounts for these users are created automatically on the K1000 appliance. |
| Manually approve user requests | Administrators must approve access requests before users can access the K1000 Administrator Console or User Console. When users attempt to sign on to the K1000 using third-party credentials, the K1000 creates approval requests. When administrators log in to the Administrator Console, a notification stating that approval requests are pending appears on the information bar at the top of the Dashboard page. When administrators approve requests, user accounts are created on the K1000 appliance and users can access the K1000 Administrator Console or User Console. |

| Option | Description |
| --- | --- |
| Quest Identity Broker URL | The URL of the identity provider. |
| Quest Identity Broker Identifier | The unique identifier of the identity provider. |
| Quest Identity Broker Certificate | The certificate used to verify communications with the identity provider. |

4. Click Save and Restart Services.
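
The IMPORTANT note above means the Relying Party Identifier is tied to one exact Web Server Assertion Consuming Service URL. The following check is an added example, not part of the Quest documentation or product: it compares the URL you gave Quest Support with the URL currently shown on the Security Settings page and reports what changed. The hostname and path are constructed placeholders, and treating host, port and path changes like the SSL case is a generalization made here.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize(url):
    """Return (scheme, host, port, path) with case and default ports normalized."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    return scheme, parts.hostname.lower(), port, parts.path.rstrip("/") or "/"


def acs_url_drift(registered, current):
    """Compare the URL given to Quest Support with the URL shown now.

    Returns {component: (old, new)}; an empty dict means no drift.
    """
    names = ("scheme", "host", "port", "path")
    old, new = normalize(registered), normalize(current)
    drift = {n: (o, c) for n, o, c in zip(names, old, new) if o != c}
    # Moving between each scheme's default port is part of the scheme
    # change (SSL enabled or disabled), not a separate finding.
    if "scheme" in drift and "port" in drift:
        if old[2] == DEFAULT_PORTS[old[0]] and new[2] == DEFAULT_PORTS[new[0]]:
            del drift["port"]
    return drift


def needs_new_relying_party_identifier(registered, current):
    """The guide requires a new identifier when SSL settings change the URL;
    this helper treats any URL change the same way (assumption)."""
    return bool(acs_url_drift(registered, current))


if __name__ == "__main__":
    # Constructed sample values; the path is a placeholder, not the real one.
    registered = "http://k1000.example.com/placeholder/acs"
    current = "https://K1000.example.com:443/placeholder/acs"
    for part, (old, new) in acs_url_drift(registered, current).items():
        print(f"{part}: {old} -> {new}")
    if needs_new_relying_party_identifier(registered, current):
        print("URL changed: send the new URL to Quest Support.")
```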

Manage Quest Identity Broker user approval requests

Quest Identity Broker (QIB) user approval requests are created when users who do not have K1000 account credentials attempt to log in to the K1000 Administrator Console or User Console using identity providers, such as your organization's Identity Provider and Microsoft Azure Active Directory.

NOTE: When administrators log in to the Administrator Console or User Console, a message appears in the information bar at the top of the page if QIB approval requests are pending.
1. Go to the Approval Requests list:
   a. Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
   b. On the left navigation bar, click Settings, then click Quest Identity Broker.
2. To approve a single request from the Approval Request Detail page:
   a. In the Identity column, click the linked name of a request to show the Approval Request Detail page.
      The page shows attributes supplied by the identity provider, including nameidentifier, which identifies the user and the identity provider.

| Option | Description |
| --- | --- |
| Create new account | Create an account on the K1000 for the user. When the account is created, the user can use single sign on to access the User Console only. If you want to grant access to the Administrator Console, you need to edit the user's permissions on the User Detail page. |
| Create new account and display editor | Create an account on the K1000 for the user and open the User Detail page for editing. This enables you to modify user access permissions for the K1000 User Console and Administrator Console as needed. |
| Map to existing account | Map the approval request to an existing user account. When you select this option, you need to choose the account you want to map to in the drop-down list. When you approve the request, the QIB request information is added to the User Detail page of the selected account. |

   c. Click Approve. The request is approved, and an account is created for the user on the K1000. If the Organization component is enabled on your appliance, the account is created in the default organization.
   a. On the Approval Requests page, select one or more check boxes next to the approval requests.
   b. Select Choose Action > Auto Create.
To reject one or more requests from the Approval Request page, select the check boxes next to the request, then select Choose Action > Reject.
In the Identity column on the Approval Request page, click the linked name of a request to show the Approval Request Detail page, then click Reject.

Use single sign on through Quest Identity Broker

When Quest Identity Broker is enabled as the single sign on method, users can access the Administrator Console or User Console using credentials from identity providers, such as your organization's Identity Provider and Microsoft Azure Active Directory.

1. Go to the K1000 login page, http://K1000_hostname.
2. On the login page, click Single Sign On below the login information.
   If the appliance is configured to approve login requests automatically, the User Console is displayed. If the appliance is configured to approve login requests manually, a notification page appears. When the request is approved, return to the K1000 login page to access the Administrator Console or User Console.