Configuring user authentication

You can configure IBM® Security Guardium® Key Lifecycle Manager to authenticate users with any of the supported authentication methods. User authorization, that is, what an authenticated user is allowed to do, is managed within IBM Security Guardium Key Lifecycle Manager itself.

About this task

IBM Security Guardium Key Lifecycle Manager supports the following authentication methods:
  • File-based authentication (configured by default)
  • Lightweight Directory Access Protocol (LDAP)
  • OpenID Connect (OIDC)
File-based authentication is configured by default when you install the product, and the default file-based user is created as part of the installation process. For better security, use one of the supported LDAP providers or an OIDC provider, so that user information is obtained from the corresponding LDAP or OIDC server rather than from a local file.

After you configure the authentication method, add users, and then authorize those users to control their access to tasks and data in IBM Security Guardium Key Lifecycle Manager.

The following two LDAP providers are supported:
  • IBM Security Directory Server (formerly called IBM Tivoli Directory Server)
  • Microsoft Active Directory
In geographically dispersed environments, performance might be negatively impacted if the LDAP or OIDC server and the IBM Security Guardium Key Lifecycle Manager console are not geographically close to each other.

You can configure the authentication providers by using the graphical user interface or the REST interface. If you are unable to log in to the Guardium Key Lifecycle Manager server because of an issue with the authentication method, you can use the system token to run the system recovery REST services and restore your access. For more information, see Recovering the system by using the system token.