Enabling health check alerts for User Authentication

Follow these steps to enable health check alerts from the MaaS360® Portal for the Cloud Extender® module.

Before you begin

This feature is available for Cloud Extender MEG Module 2.86 or later only.

Procedure

  1. From the MaaS360 Portal Home page, select Setup > Cloud Extender Settings.
  2. Select Health Check Configuration > User Authentication Alerting.
    The User Authentication Alerting list is displayed.
  3. From the list, enable the alerts that apply to your environment.
    If you set an alert subscription to Critical Only, the Cloud Extender sends an email message or a text message to the administrator for all alerts that are marked as Critical.
    The following table provides a description of each alert and the steps you take to remediate the alert:
    Alert name Alert description Remediation steps
    Invalid credentials The service account credentials are expired or invalid. The Cloud Extender cannot connect to the configured LDAP server because the server is unreachable or the service account credentials are invalid.
    1. Verify that LDAP is operational.
    2. Check for recent firewall or proxy changes that might block access to the LDAP server.
    3. Check whether the bind administrator credentials are valid and not expired. If required, use the Cloud Extender Configuration Tool in the MaaS360 Portal to update the credentials.
    4. Check whether any intrusion detection software in your network might be locking the bind administrator account. If the account is locked, add the account to the allow list to prevent the intrusion detection software from locking the account.
    5. If this issue continues, collect logs from the Cloud Extender, and then contact IBM® Support for further assistance.
    Authentication taking more than configured limit The User Authentication service is taking more time to complete than the configured limit.
    1. Verify that scanning software is not scanning the Cloud Extender services and causing a delay during the authentication process.
    2. If you are using LDAP mode, verify that the search base for users is not that wide. Use the Cloud Extender Configuration Tool in the MaaS360 Portal to limit the scope of the search base and use filters for Users and Groups to optimize search performance.
    3. If this issue continues, collect logs from the Cloud Extender, and then contact IBM Support for further assistance.
    Insufficient access Insufficient permissions on the LDAP bind administrator account is causing an insufficient access error response from the LDAP server for certain LDAP operations.
    1. Verify that the LDAP bind administrator account uses the necessary permissions to execute Bind, Query, and Filter operations on LDAP.
    2. If required, use the Cloud Extender Configuration Tool in the MaaS360 Portal to update the bind administrator account.
    3. If this issue continues, collect logs from the Cloud Extender, and then contact IBM Support for further assistance.
    Server down The authentication LDAP server is down. The Cloud Extender cannot connect to the directory server because the directory server is down or the Cloud Extender configuration is invalid.
    1. Verify that the configured LDAP server is reachable from the Cloud Extender server. Use the Cloud Extender reachability test to confirm that the LDAP server is reachable from the Cloud Extender server.
    2. Check whether the bind administrator account is still active and the password is not expired. If required, use the Cloud Extender Configuration Tool in the MaaS360 Portal to update the bind administrator account credentials.
    3. If this issue continues, collect logs from the Cloud Extender, and then contact IBM Support for further assistance.
    Server busy The authentication LDAP server is busy. The Cloud Extender cannot process the client request because the LDAP server is busy.
    1. Check whether the LDAP server is low on system resources.
    2. Check whether other applications are also using LDAP resources during this time period.
    3. Review the LDAP server performance and contact internal or vendor teams for assistance with resolving this issue.
    Server unavailable The authentication LDAP server is unavailable. The Cloud Extender cannot process the LDAP bind request with the configured bind administrator credentials because the LDAP server might be unavailable.
    1. Verify that the configured LDAP server is reachable from the Cloud Extender server. Use the Cloud Extender reachability test to confirm that the LDAP server is reachable from the Cloud Extender server.
    2. Check whether the bind administrator account is still active and the password is not expired. If required, use the Cloud Extender Configuration Tool in the MaaS360 Portal to update the bind administrator account credentials.
    3. If this issue continues, collect logs from the Cloud Extender, and then contact IBM Support for further assistance.
  4. Publish the Cloud Extender settings to activate the alerts.