Before You Begin
Configuring this option will force all user authentication to be redirected to Active Directory. In the event a connection cannot be made to the domain controller listed in the External Directory Auth page, user authentication will fail and access to the FireScope appliance will be denied.
Connect to the configuration page of your FireScope appliance either by using the FireScope Configurations portlet or by entering the configuration page URL into your browser (http://yourfirescopeappliance:8080/).
To configure FireScope Unify for Active Directory User Authentication:
To test the configuration:
If you accessed the configuration page from the FireScope Configurations portlet, mouse over the Settings button in the top right corner and click Sign Out.
When you are returned to the login page, enter your Active Directory username and password. You should be authenticated and see the Portal Pages; however, you may not be authorized to view any content yet, as this may be a new account.
If you accessed the configuration page from the URL, click the Logout menu item on the left at the bottom of the page.
When you are returned to the login page, enter your Active Directory username and password. If you were using the same username in FireScope as your Active Directory username, you will be authenticated and should see the Device page. However, if your previous FireScope username was not the same as your Active Directory username, you will need to apply the appropriate permissions to your new account. This can be done using the firescope.com.1 protected system account. If you do not know the password to this account, please contact your FireScope administrator. If you are the FireScope administrator and do not know this password, please contact FireScope Support using the information provided at the end of this article.
For a PDF version of this HOW TO including screenshots, please visit http://firescope.helpserve.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=19&nav=0
While authentication is being performed using Active Directory, user authorization is still handled and maintained in the FireScope appliance.
When using Active Directory authentication, a user's login name to FireScope will be their Active Directory samaccountname.
The user synchronization process runs every hour and half hour. For members of the security group configured earlier, the process checks for new users and changes to existing users. This process performs a one-way sync of the following account attributes from Active Directory to FireScope: email address, samaccountname, first name, and last name. This information is stored in FireScope for the purposes of user identity and authorization.
LIMITATIONS: The following user accounts are not permitted to be members of the Active Directory security group:
These accounts are protected FireScope system accounts and cannot be overwritten.
Currently FireScope does not allow login name changes. If a user's samaccountname changes, a new account will be created in FireScope for this user. The permissions on this new account will need to be recreated to match the permissions of the earlier samaccountname.
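The sync and limitation rules above can be checked against an exported group membership list before the next sync runs. The following is an added example, not FireScope code: the function name, record layout, permission names, case-insensitive login comparison, and the use of an unchanged email address to spot a renamed user are all assumptions, and only firescope.com.1 is listed as protected because it is the only protected account named on this page.

```python
SYNCED_ATTRS = ("email", "samaccountname", "first_name", "last_name")
# Only firescope.com.1 is named on this page; add the rest of the protected list.
PROTECTED = {"firescope.com.1"}

def audit_sync(ad_members, firescope_users, protected=PROTECTED):
    """Predict the effect of the one-way AD -> FireScope sync on a group export."""
    # Assumption: login names are compared case-insensitively.
    existing = {u["samaccountname"].lower(): u for u in firescope_users}
    by_email = {u["email"].lower(): u for u in firescope_users if u.get("email")}
    blocked_names = {p.lower() for p in protected}
    report = {"blocked": [], "create": [], "update": [], "regrant": []}
    for m in ad_members:
        login = m["samaccountname"].lower()
        if login in blocked_names:
            report["blocked"].append(login)  # remove from the security group
            continue
        current = existing.get(login)
        if current is None:
            report["create"].append(login)  # new account starts without permissions
            # Assumption: an unchanged email address identifies a renamed user.
            prior = by_email.get((m.get("email") or "").lower())
            if prior and prior.get("permissions"):
                report["regrant"].append(
                    (prior["samaccountname"], login, prior["permissions"]))
            continue
        changed = [a for a in SYNCED_ATTRS
                   if a != "samaccountname" and m.get(a) != current.get(a)]
        if changed:
            report["update"].append((login, changed))  # authorization is not synced
    return report

# Constructed sample data (not from a real directory).
AD_GROUP = [
    {"samaccountname": "jsmith-admin", "email": "jsmith@example.test",
     "first_name": "Jane", "last_name": "Smith"},
    {"samaccountname": "bwong", "email": "bwong@example.test",
     "first_name": "Ben", "last_name": "Wong-Lee"},
    {"samaccountname": "firescope.com.1", "email": "", "first_name": "", "last_name": ""},
]
FIRESCOPE_USERS = [
    {"samaccountname": "jsmith", "email": "jsmith@example.test",
     "first_name": "Jane", "last_name": "Smith", "permissions": ["Admin"]},
    {"samaccountname": "bwong", "email": "bwong@example.test",
     "first_name": "Ben", "last_name": "Wong", "permissions": ["Viewer"]},
]

if __name__ == "__main__":
    for key, items in audit_sync(AD_GROUP, FIRESCOPE_USERS).items():
        print(key, items)
```

Entries under "regrant" are renamed users whose earlier permissions must be recreated by hand on the new account; entries under "blocked" must be taken out of the security group.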
If you are using Active Directory for user authentication, you will not be able to use the FireScope Configurations or System Configurations portlets; for security reasons this functionality is not permitted. Instead, access the Configuration and Administration pages using the URL http://yourfirescopeappliance:8080/.
APPLIES TO: FireScope v2.1.3 Build 1573 and later
For additional support please send an email to email@example.com or contact support at 877.780.FIRE(3473) Ext. 425