The DSView 3 software is delivered with the DSView internal authentication service, which verifies a log in and password against user account information stored in the database on the DSView 3 software server.
The DSView 3 software also supports the following external authentication services: • Microsoft Active Directory®*
• IBM®SecureWay®Directory Server * • Novell®LDAP Services *
• Sun Solaris R9 LDAP Directory Server * • Sun ONE™ LDAP Directory Server * • Microsoft Windows NT domain
• Cisco®Secure ACS 3.3 for Windows 2000/2003 server • Microsoft IAS for Windows 2000/2003 server
• FreeRADIUS for Red Hat RHL3
• RSA SecurID® * Uses LDAP V3
If the DSView 3 server is configured for external authentication, login requests are re-directed to the configured external authentication server.
The DSView 3 software obtains external group membership and external user information when a user logs in. If a user’s group membership changes or the user is deleted externally, the DSView 3 software will not see these changes until the next time the user logs in. You may schedule a task that will automatically verify LDAP, Active Directory and NT external authentication servers to ensure that accounts are still valid; seeTask: Validating user accounts on an external authentication serveron page 376.
Authentication services may be managed only by DSView 3 software administrators and user administrators.
To display configured authentication services: 1. Click theUserstab.
2. ClickAuthentication Servicesin the top navigation bar. The User Authentication Services window will open.
The User Authentication Services window may be customized by using the Customize link. See Using the Customize link in windowson page 30.
To remove authentication services:
NOTE:The internal authentication service cannot be removed.
1. Click theUserstab.
2. ClickAuthentication Servicesin the top navigation bar. The User Authentication Services window will open.
3. Check the checkbox to the left of the authentication service(s) to delete. To delete all external authentication services on the page, check the checkbox to the left of Name at the top of the list.
4. ClickDelete. A confirmation dialog box will appear. 5. Confirm or cancel the deletion.
DSView 3 software internal authentication service
To change the DSView 3 internal authentication service account policies: 1. Click theUserstab.
2. ClickAuthentication Servicesin the top navigation bar. The User Authentication Services window will open.
3. ClickDSView Internal. The side navigation bar will change to include DSView Internal at the top and, below the name, the information you may define.
4. ClickAccount Policies. The Authentication Service User Account Policies - DSView Internal window will open.
5. Specify the password policies for the authentication service:
a. Type a number (from 1-64) in the Minimum Password Length field, or click the arrows to select a number.
b. Check thePasswords Expirecheckbox to require a user to change the password after a certain number of days. Specify a number (from 1-365) in the Maximum Expiration (days) field, or select a number.
c. SelectPasswords must contain both alpha and numeric charactersif new passwords must contain at least one letter and one number.
d. SelectPasswords must contain both lower and upper case charactersif new passwords must contain at least one uppercase and one lowercase letter. 6. Specify the lockout policy for the authentication service:
To assign a specific number of user login attempts, check theLockout users after invalid login attemptscheckbox, then continue with step a.
If you leave this checkbox unchecked, unlimited user login attempts will be allowed. Skip to the last step.
a. Type the number of allowable user login failures (from 1-25) in the Maximum Login Failures field, or select it from the menu.
b. To permit user logins after a certain period of time, check theAutomatically unlock users after the lockout periodcheckbox. Specify the lockout period (in minutes) by typing a number from 1-1,440 in the Maximum Lockout Period (minutes) field, or choose a value from the menu (1,440 minutes is equivalent to 24 hours).
If you leave this checkbox unchecked, locked user accounts must be manually unlocked by a DSView 3 software administrator or user administrator.
SeeUnlocking User Accountson page 264.
7. ClickSaveand then clickClose. The User Authentication Services window will open. To change custom field labels for user accounts that use internal authentication: 1. Click theUserstab.
2. ClickAuthentication Servicesin the top navigation bar. The User Authentication Services window will open.
3. ClickDSView Internal. The side navigation bar will change to include DSView Internal at the top and, below the name, information you may define.
4. ClickCustom Field Labelsin the side navigation bar. The Authentication Service User Account Custom Field Labels - DSView Internal window will open.
5. Type the text that you wish to appear in each of the six custom field labels.
6. ClickSaveand then clickClose. The User Authentication Services window will open. By default, the custom field labels do not display in the User Accounts - All window, but they may be added to the display (or added to the default display by an administrator), using the Customize link. SeeUsing the Customize link in windowson page 30.