Remote authentication policies

DS8000® can use remote authentication that is provided by a Lightweight Directory Access Protocol (LDAP) server, Copy Services Manager (CSM) as a proxy for an LDAP server or multi-factor authentication (MFA) with RSA SecurID server.

Enabling remote authentication

Managing user login with remote authentication.

Use the Login page to manage access to your account in the DS8000 storage GUI with remote authentication enabled.

User login with RSA SecurID authentication enabled
  1. Enter the Username on login page for RSA SecurID server.
  2. Enter the SecurID passcode for administrative verification.
  3. If the first SecurID passcode expires, user needs to enter the SecurID next tokencode for administrative verification.
User login with LDAP+RSA SecurID authentication enabled
  1. Enter the Username and Password for LDAD server on login page for administrative verification.
  2. Enter the SecurID passcode for the same Username for RSA SecurID server on login page for administrative verification.
  3. If the first SecurID passcode expires, user needs to enter the next SecurID next tokencode for administrative verification.
User login with local authentication enabled

Enter the Username and Password on login page for administrative verification.

Managing remote authentication

After remote authentication is enabled, use the Remote Authentication page to manage remote authentication settings.

Remote Authentication
Indicates whether remote authentication is enabled.
Modify
Click to open the Configure Remote Authentication wizard and modify the remote authentication configuration. User can only modify the currently activated remote authentication configuration.
Disable
Click to disable remote authentication.
LDAP Servers
Details about the LDAP servers.
Host Address
The name or IP address of the LDAP server.
Port
The port number that is used by the LDAP server.
State
The state of the LDAP server.
Type
The LDAP server type.
Security
Information for encryption with the LDAP server or RSA SecurID server.
Protocol
Indicates whether the connection to the LDAP server or RSA SecurID server uses TLS.
Security Certificates
Options to install and view information about installed TLS certificates.
Install Certificates
You can install TLS certificates.

Click Browse Certificates to select certificates from a local directory.

Click Retrieve Certificates to select from certificates that are on the LDAP server or on RSA SecurID server.

Click Submit to complete the installation.

Certificates Installed
View the details for the installed TLS certificates.
Subject DN
The distinguished name of the certificate owner.
Issuer
The entity that signed the certificate.
Not valid before
The date and time when the certificate became valid.
Not valid after
The date and time when the certificate expires.
Serial number
The certificate identification number that is assigned by the certificate issuer.
LDAP access
LDAP authentication details.
Authentication
The type of binding that is used for LDAP authentication.
Bind DN
The distinguished name or user name that is used for bind authentication.
LDAP Lookup Method
Authentication lookup information for group and user names.
User search base
The base distinguished name for user lookup.
User name attribute
The user name attributes for user lookup.
Group search base
he group base distinguished name for group lookup.
Group name attribute
The group name attributes for group lookup.
Group membership attribute
The name of the group that includes the base group.
User name filter
The attributes for the user name filter.
Group name filter
The attributes for the group name filter.
Mappings
You can add or modify a remote authentication mapping.
Roles
The DS8000 role names that are mapped to a remote authentication server user or group.
User Group
The remote authentication server group that a role is mapped to.
User Name
The remote authentication server user that a role is mapped to.
RSA SecurID
Select RSA SecurID if there are mappings of users to the MFA remote authentication server.
Local Administrator
Indicates whether the local administrator role is enabled. The Local administrator is a DS8000 role that remains active for recovery purposes if the remote authentication servers (LDAP, CSM, RSA SecurID, or a combination) are not available.
Note: To add LDAP remote authentication to the already configured RSA SecurID server, user first needs to disable the RSA SecurID authentication. Use the Modify button to open the Configure Remote Authentication wizard and modify the remote authentication configuration.
RSA SecurID Server
Details about the RSA SecurID server.
State
The state of the RSA SecurID server.
  • Unconfigured: RSA SecurID server is not configured.
Disable
Click to disable remote authentication.
Host Address
The name or IP address of the RSA SecurID server.
Port
The port number that is used by the RSA SecurID server.
Type
The RSA SecurID server type.