Using Active Directory for external user authentication

IBM Flex System Manager supports Microsoft Active Directory as an external user registry on an outboard Microsoft Windows server.

To configure the management software to use an Active Directory registry on an external server, complete the following steps:
  1. From the Home page, click the Administration tab.
  2. Under Configuration tasks, click Configure Flex System Manager User Registry. The User Registry Configuration wizard opens.
  3. Complete the steps in the User Registry Configuration wizard.

Note: The default security policy for the management software is Secure; it requires that external registry communication is SSL-encrypted. If you want to use unencrypted communication, you must change the security policy to Legacy. See Changing the security policy for instructions.

To create a Microsoft Active Directory user account that has access to IBM Flex System Manager, complete the following steps:
  1. Create a user account in the Active Directory user registry. For instructions about creating a user account in the domain server user registry, see the Active Directory documentation.
  2. Create an Active Directory global security group with the name of a predefined and authorized security group. The predefined group names are: smadmin, smmgr, smmon, smuser, smdefault. The security group must exist within the context of the Base Distinguished Name defined in the user registry configuration.
  3. Add the Active Directory user as a member of the security group you created above.
  4. Log in to the management software web interface using the Active Directory user name.
  5. Optionally, you can define and create additional security groups. You can authorize these groups and assign roles to them from the Users and Groups page.

All of the users appear in the management software list of users and can log in to the management software with the applicable levels of authority.
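
Steps 1 to 3 of the account procedure above, as an added example for the Active Directory side (not part of the original IBM documentation). It uses the standard ActiveDirectory PowerShell module; the Base DN `DC=example,DC=com`, the `CN=Users` container, and the account name `fsm.operator` are assumed placeholder values.

```powershell
# Added example: run on a domain-joined host with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$BaseDn     = 'DC=example,DC=com'   # assumed: Base DN from the user registry configuration
$Container  = "CN=Users,$BaseDn"    # assumed: container located under the Base DN
$UserName   = 'fsm.operator'        # hypothetical account name
$GroupName  = 'smmon'               # must be one of the predefined names below
$Predefined = 'smadmin', 'smmgr', 'smmon', 'smuser', 'smdefault'

if ($GroupName -notin $Predefined) {
    throw "'$GroupName' is not a predefined group name."
}

# Step 1: create the user account if it does not already exist under the Base DN.
$user = Get-ADUser -Filter "SamAccountName -eq '$UserName'" -SearchBase $BaseDn
if (-not $user) {
    $password = Read-Host -AsSecureString "Initial password for $UserName"
    $user = New-ADUser -Name $UserName -SamAccountName $UserName -Path $Container `
        -AccountPassword $password -Enabled $true -PassThru
}

# Step 2: create the global security group inside the Base DN context.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'" -SearchBase $BaseDn
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName -Path $Container `
        -GroupScope Global -GroupCategory Security -PassThru
}
# An existing group with the right name but the wrong type does not match the procedure.
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$($group.DistinguishedName) is not a global security group."
}

# Step 3: add the user to the group only if the membership is missing.
$members = Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty DistinguishedName
if ($user.DistinguishedName -notin $members) {
    Add-ADGroupMember -Identity $group -Members $user
}

# Report what the management software will see when it searches under the Base DN.
[pscustomobject]@{
    User     = $user.DistinguishedName
    Group    = $group.DistinguishedName
    IsMember = $user.DistinguishedName -in (Get-ADGroupMember -Identity $group).DistinguishedName
}
```

Because membership in a predefined group is what grants access, choose the group deliberately and review its membership in Active Directory as you would any other privileged group.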