Related Topics
Configure Authentication Settings
You can enable Dimension to connect to your Active Directory or RADIUS server to get user credentials and group information for your Dimension user accounts. Tip!Dimension uses port 3269 for connections to your Active Directory server. Make sure that Dimension can connect to your Active Directory server over port 3269.
To configure authentication settings for Dimension:
- Select > Administration > Administration > Access Management.
The Access Management page appears, with the Users & Groups page selected. - Select Configuration.
The Authentication tab is selected by default. - To unlock the configuration so you can make changes, click .
For more information about how to unlock and lock the Dimension configuration, see Lock and Unlock the Dimension Configuration. - Configure the settings for your server, as described in these sections:
Enable Active Directory Authentication
Before you can use the users and groups from your Active Directory server for role-based administration on Dimension, you must enable Dimension to connect to your Active Directory server. You must also specify at least one Active Directory domain and make sure that LDAPS is enabled on your Active Directory server. Tip! Dimension uses port 3269 for outbound connections to your Active Directory server.
For secure connections to your Active Directory server, Dimension uses the SSL certificate for your Active Directory server. SSL certificates that are signed by most well-known, public Certificate Authorities (CAs) are automatically trusted. To use a certificate signed by a CA that is not in the list, you must import the certificate. For instructions to import the SSL certificate to Dimension, see Manage Dimension Certificates.
To make sure your Dimension server can identify domain controllers by domain name, you must configure your Dimension server to use an internal DNS server. For more information about how to specify a DNS server, see the Configure the Interface Settings section in Manage Dimension System Settings.
To enable Dimension to use your Active Directory server to authenticate users:
- Select the Enable Active Directory Authentication check box.
- In the Active Directory Domain text box, type the domain name for the Active Directory server.
- Click .
The domain name appears in the list. - If you add more than one domain name, to change the order of the domain names in the list, click or .
- To remove an Active Directory domain from the list, select the domain and click .
- To verify that the SSL certificate on the domain controller is valid, select the Validate the SSL certificate from the domain controller check box.
- Click Save.
Enable RADIUS Authentication
If you use a RADIUS server to authenticate users to your network, you can also use your RADIUS server to authenticate users to Dimension.
To use RADIUS server authentication with your instance of Dimension, you must:
- Add the IP address of Dimension to the RADIUS server as described in the documentation from your RADIUS vendor
- Enable and specify the RADIUS server in your Dimension configuration
- Add RADIUS user names or group names to Dimension
Before you configure the RADIUS server settings in Dimension, make sure you have this information for your RADIUS server:
- The server IP address or host name
- The port number to use to connect to the server
- The shared secret for the server
For more information about how RADIUS authentication works, see How RADIUS Server Authentication Works.
To enable Dimension to use your RADIUS server to authenticate users:
- Select the Enable RADIUS Authentication check box.
- Below to the IP Address / Host Name list, click Add.
The Configure RADIUS Server dialog box appears. - In the IP Address or Host Name text box, type the location of your RADIUS server.
- If you add more than one address, to change the order of the addresses in the list, click or .
- In the Port text box, type the port number to use for connections to your RADIUS server.
- In the Secret and Confirm text boxes, type the shared secret that is configured on your RADIUS server.
- Click OK.
The IP address or host name you specified appears in the IP Address / Host Name list. - In the Timeout text box, type the amount of time in seconds that Dimension waits for a response from the RADIUS server before it tries to connect again.
- In the Retries text box, type the number of times Dimension tries to connect to the RADIUS server.
- In the Group Attribute text box, type the group attribute value for your RADIUS server.
The default group attribute is FilterID, which is RADIUS attribute 11. Tip!The group attribute value is used to set the attribute that carries the User Group information between the RADIUS server and Dimension. You must configure the RADIUS server to include the group attribute value string you specify here with the user authentication message it sends to Dimension. - Click Save.
Change the RADIUS Server Settings
You can change the port number or shared secret that you specified in the Dimension settings for a RADIUS server. You cannot change the IP address or host name. If you specified an incorrect address or host name, or if the address or host name for your RADIUS server has changed, you must remove the server and add it again with the correct address or host name.
To change the settings you specified for a RADIUS server:
- From the IP Address / Host Name list, select the server.
- Click View.
The Configure RADIUS Server dialog box appears. - Change the port number or shared secret.
- Click OK.
Remove a RADIUS Server
To remove a RADIUS server:
- From the IP Address / Host Name list, select the server.
- Click Remove.
The selected server is removed from the IP Address / Host Name list.
See Also
Configure Access Management Settings