Question & Answer
Question
When using Active Directory or LDAP, why does the Admin roles require two passwords in QRadar?
Cause
When using external authentication methods, like AD or LDAP, there must be a fallback account in case the external authentication server encounters a network issue or experiences a failure. When configuring AD or LDAP with QRadar, we require that the admin role be configured with a local password first, then the system uses the LDAP or AD authentication as the primary source for verification.
Answer
When QRadar authentication method is changed from local to external as Active Directory or LDAP, there are a number of requirements that must be followed:
- When creating an user with Admin Role, a local password needs to be provided. The Admin roles have the local password and the external authentication method in case the external authentication method fails, Admin users can login using the local password.
- When creating a user with a non-admin role the password should be left blank, as non-admin users do not require a fall back account, only administrator.
- Only Administrative roles have the password stored locally on the QRadar Console.
- When the external authentication method is configured this will turn the primary authentication method unless there is a failure in the plugin.
Important: For administrators who want to fall back to local passwords with LDAP, should review the following technical note: QRadar: External Authentication Fails Due to Password Fallback Change for Administrators (Updated).
-----
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2;7.1;7.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
10 May 2019
UID
swg21902339