Configure Authentication Settings

You can enable Dimension to connect to your Active Directory or RADIUS server to get user credentials and group information for your Dimension user accounts. Tip!

To configure authentication settings for Dimension:

  1. Select > Administration > Administration > Access Management.
    The Access Management page opens, with the Users & Groups page selected.
  2. Select Configuration.
    The Authentication tab is selected by default.
  3. To unlock the configuration so you can make changes, click Screenshot of the Locken icon.
    For more information about how to unlock and lock the Dimension configuration, go to Lock and Unlock the Dimension Configuration.
  4. Configure the settings for your server, as described in these sections:

Enable Active Directory Authentication

Before you can use the users and groups from your Active Directory server for role-based administration on Dimension, you must enable Dimension to connect to your Active Directory server. You must also specify at least one Active Directory domain with correct Service Records (SRV), and make sure that LDAPS is enabled on your Active Directory server. Tip!

For secure connections to your Active Directory server, Dimension uses the SSL certificate for your Active Directory server. SSL certificates that are signed by most well-known, public Certificate Authorities (CAs) are automatically trusted. To use a certificate signed by a CA that is not in the list, you must import the certificate. For instructions to import the SSL certificate to Dimension, see Manage Dimension Certificates.

To make sure your Dimension server can identify domain controllers by domain name, you must configure your Dimension server to use an internal DNS server. For more information about how to specify a DNS server, see the Configure the Interface Settings section in Manage Dimension System Settings.

To enable Dimension to use your Active Directory server to authenticate users:

  1. Select the Enable Active Directory Authentication check box.
  2. To add a domain name to the list, in the Specify domain name text box, type the Active Directory domain.
    Make sure to specify the same domain in the SRV record for your Active Directory server. Tip!
    The Active Directory domain controller uses SSL to connect to the Active Directory server.
  3. Click the Add button.
    The domain name appears in the list.
  4. If you add more than one domain name, to change the order of the domain names in the list, click the Move Up icon or the Move Down icon.
  5. To remove an Active Directory domain from the list, select the domain and click the Delete icon.
  6. To verify that the SSL certificate on the domain controller is valid, select the Validate the SSL certificate from the domain controller check box.
  7. Click Save.

Enable RADIUS Authentication

If you use a RADIUS server to authenticate users to your network, you can also use your RADIUS server to authenticate users to Dimension.

To use RADIUS server authentication with your instance of Dimension, you must:

  • Add the IP address of Dimension to the RADIUS server as described in the documentation from your RADIUS vendor
  • Enable and specify the RADIUS server in your Dimension configuration
  • Add RADIUS user names or group names to Dimension

Before you configure the RADIUS server settings in Dimension, make sure you have this information for your RADIUS server:

  • The server IP address or host name
  • The port number to use to connect to the server
  • The shared secret for the server

For more information about how RADIUS authentication works, see How RADIUS Server Authentication Works.

To enable Dimension to use your RADIUS server to authenticate users:

  1. Select the Enable RADIUS Authentication check box.
  2. Below to the IP Address / Host Name list, click Add.
    The Configure RADIUS Server dialog box opens.
  3. In the IP Address or Host Name text box, type the location of your RADIUS server.
  4. If you add more than one address, to change the order of the addresses in the list, click the Move Up icon or the Move Down icon.
  5. In the Port text box, type the port number to use for connections to your RADIUS server.
  6. In the Secret and Confirm text boxes, type the shared secret that is configured on your RADIUS server.
  7. Click OK.
    The IP address or host name you specified appears in the IP Address / Host Name list.
  8. In the Timeout text box, type the amount of time in seconds that Dimension waits for a response from the RADIUS server before it tries to connect again.
  9. In the Retries text box, type the number of times Dimension tries to connect to the RADIUS server.
  10. In the Group Attribute text box, type the group attribute value for your RADIUS server.
    The default group attribute is FilterID, which is RADIUS attribute 11. Tip!
  11. Click Save.

Change the RADIUS Server Settings

You can change the port number or shared secret that you specified in the Dimension settings for a RADIUS server. You cannot change the IP address or host name. If you specified an incorrect address or host name, or if the address or host name for your RADIUS server has changed, you must remove the server and add it again with the correct address or host name.

To change the settings you specified for a RADIUS server:

  1. From the IP Address / Host Name list, select the server.
  2. Click View.
    The Configure RADIUS Server dialog box opens.
  3. Change the port number or shared secret.
  4. Click OK.

Remove a RADIUS Server

To remove a RADIUS server:

  1. From the IP Address / Host Name list, select the server.
  2. Click Remove.
    The selected server is removed from the IP Address / Host Name list.

Related Topics

Configure Access Management Settings

Configure User Lockout Settings

Configure the Visibility Settings