Chat now with support
Chat with Support

KACE Systems Management Appliance 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

Using external LDAP or Active Directory servers for single sign on

Using external LDAP or Active Directory servers for single sign on

When using Active Directory for authentication for single sign on, the external LDAP or Active Directory server must have the same entries as the Active Directory server specified for single sign on. The K1000 appliance matches user credentials on the joined domain, and then it uses the external LDAP configuration to determine user roles and privileges.

To authenticate users by using local accounts on the K1000 appliance, you need to either import accounts from an LDAP or Active Directory server to the appliance, or manually create accounts on the appliance. See:

About Quest Identity Broker

About Quest Identity Broker

Quest Identity Broker (QIB) is a cloud-based single sign on (SSO) solution that enables users to log in to the K1000 Administrator Console or User Console using third-party identity providers, such as your organization's Identity Provider and Microsoft Azure Active Directory.

QIB uses SAML (Security Assertion Markup Language) to authenticate users with third-party credentials. QIB can be configured to automatically create K1000 accounts that enable authenticated users to log in to the K1000 User Console, or to require administrator approval before accounts are created and access is granted. In addition, some identity providers enable integration with social networks, such as Facebook, LinkedIn, Twitter, and others.

If the Organization component is enabled on your appliance, QIB can be enabled for the default organization only. To enable single sign on for multiple organizations, use the standard Active Directory method. See Using Active Directory for single sign on.

Enabling and disabling single sign on

Enabling and disabling single sign on

You can enable or disable single sign on in the K1000 appliance security settings.

Enable single sign on

Enable single sign on

To enable single sign on, you need to configure the appliance Security Settings to establish a connection between an Active Directory server and the appliance or Quest Identity Broker.

1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the Single Sign On section, select a single sign on method.
Related Documents