Configuring Active Directory authentication

Removed in 7.4.2

You can configure Microsoft Active Directory authentication on your IBM® QRadar® system.

About this task

Important: As of QRadar 7.4.2, you can no longer use Kerberos-based Active Directory (AD) authentication. For more information, see https://www.ibm.com/support/pages/node/6253911.

Procedure

  1. On the Admin tab, click Authentication.
  2. Click Authentication Module Settings.
  3. From the Authentication Module list, select Active Directory.
  4. Click Add, and configure parameters for the Active Directory Repository.

    The following table describes the parameters to configure:

    Parameter / Description

    Repository ID
        The Repository ID is an identifier or alias that uniquely represents the server that is entered in the Server URL field and the domain from the Domain field. Use the Repository ID when you enter your login details.

        For example, you might use AD_1 to represent server_A on Domain_A in one Active Directory Repository, and AD_2 to represent server_B on Domain_A in your second repository.

    Server URL
        The URL that is used to connect to the LDAP server. For example, type ldaps://host_name:port.
        Note: If you specify a secure LDAP connection, the password is secure but the username is passed in clear text.

    Context
        Context that you want to use; for example, DC=QRADAR,DC=INC.

    Domain
        Domain that you want to use; for example, qradar.inc.
  5. Enter the user name and password that you use to authenticate with the repository.
  6. To test connectivity to the repository, click Test Connection.
    Note: When you enable Active Directory, ensure that port 88 is open to allow Kerberos connections from the QRadar Console.
  7. To edit or remove a repository, select the repository, and then click Edit or Remove.
  8. Click Save.

    Users can log in by using the Domain\user or Repository_ID\user login formats.

    The login request that uses Repository_ID\user is attempted on a specific server that is linked to a specific domain (for example, Server A on Domain A), which makes it more specific than the Domain\user login request format.

    The login request that uses the Domain\user format is attempted on servers that are linked to the specified domain until a successful login is achieved. For example, there might be more than one server on a specific domain.

    Note: For Active Directory user authentication, you must create a local QRadar user account that is the same as the Active Directory (AD) account on the authentication server.
  9. On the Admin page, click Deploy Changes.
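
An added pre-flight check for a planned repository list (example code, not IBM or QRadar code): it flags Server URLs that are not ldaps://, duplicate Repository IDs, and a Context whose DC components do not spell the Domain, and it lists which servers each login format described in step 8 would reach. The dictionary layout, host names, ports, user name, the Context-to-Domain consistency rule, and the exact matching of the login prefix are assumptions for illustration.

```python
from urllib.parse import urlparse

# Constructed sample data; host names and ports are placeholders.
REPOS = [
    {"id": "AD_1", "url": "ldaps://server-a.qradar.inc:636",
     "context": "DC=QRADAR,DC=INC", "domain": "qradar.inc"},
    {"id": "AD_2", "url": "ldap://server-b.qradar.inc:389",
     "context": "DC=QRADAR,DC=INC", "domain": "qradar.inc"},
]

def context_to_domain(context):
    """Join the DC= components of a Context into a dotted domain name."""
    pairs = (p.split("=", 1) for p in context.split(",") if "=" in p)
    return ".".join(v.strip().lower() for k, v in pairs
                    if k.strip().upper() == "DC")

def audit(repos):
    """Return (Repository ID, finding) tuples for risky or inconsistent entries."""
    findings, seen = [], set()
    for r in repos:
        if r["id"] in seen:
            findings.append((r["id"], "duplicate Repository ID"))
        seen.add(r["id"])
        # Plain ldap:// would send the bind password unencrypted.
        if urlparse(r["url"]).scheme.lower() != "ldaps":
            findings.append((r["id"], "Server URL is not ldaps://"))
        # Assumed rule: the Context should name the same domain as Domain.
        if context_to_domain(r["context"]) != r["domain"].lower():
            findings.append((r["id"], "Context does not match Domain"))
    return findings

def servers_tried(login, repos):
    """List the Server URLs a login string would be attempted against."""
    prefix, sep, user = login.partition("\\")
    if not sep or not user:
        return []  # neither Domain\user nor Repository_ID\user
    by_id = [r["url"] for r in repos if r["id"] == prefix]
    if by_id:
        return by_id[:1]  # Repository_ID\user: one specific server
    # Domain\user: every server linked to that domain, in configured order
    return [r["url"] for r in repos if r["domain"].lower() == prefix.lower()]

if __name__ == "__main__":
    for repo_id, finding in audit(REPOS):
        print(f"{repo_id}: {finding}")
    for login in ("AD_1\\jsmith", "qradar.inc\\jsmith"):
        print(login, "->", servers_tried(login, REPOS))
```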