Authenticating MCS Users

Use the following procedure to specify the level of security that is required to access the MCS console, write (store) data, such as host access configurations and presentations on the MCS server, and access data stored on MCS.

This authentication is only for accessing the MCS console. MCS-compatible products may provide alternative methods for accessing authentication settings for their product-specific purposes. Setting authentication options does not automatically give specific users the right to access the MCS console. Those rights are set under Rights Management.

To configure MCS user authentication
  1. In the MCS left pane, point to Services and then click Security.

  2. Under Security, click Authentication.

  3. In the Authentication page, select a node in the list of Authentication nodes.

  4. Under Authentication Settings, select either Inherit from Parent or Define Settings for This Node.
    If you select
    Inherit from Parent The selected node will use the authentication settings that were defined for its parent. If the selected node has no parent, it will use the settings defined for the MCS node. After you click Apply, no other configuration is required on this page.
    Define Settings for This Node Complete the following steps in this procedure.
  5. From the Authentication Type list box, select the desired level of authentication for accessing the MCS console:

    • None — No user name or password is required. If you select this authentication type, all users will have all MCS rights, regardless of your selections under Rights Management.

    • Username only — No password is required; however, the user name must exist in the configured directory service.

    • Username/password — Both a user name and password are required. This information is validated against the configured directory service.

    • Client certificate or Username/password — Security Services requests a client certificate; if it doesn't receive one, it authenticates the client using the user name/password. This option allows for a gradual migration from user name/password to client certificates.

    • Client certificate only — Client certificates are validated against the certificate authority as well as the configured directory service. Certificates are mapped to user names as configured in the Security Services Client Certificates page.

    • RSA SecurID — Users are typically prompted for a user name and passcode. You should select this value only after the RSA SecurID server has been configured and tested. Windows only.

  6. To use hardware authentication, click Gather Hardware.

    To use hardware authentication, users' computers must be registered under Hardware Management. For more information, see Setting Up Hardware Management.

  7. If necessary, change the settings for the remaining options.

    For details on any of the options on this page, click Help in the upper-right corner of the page.

  8. Click Apply to activate your settings.
Related Topics
Bullet Security, Overview
Bullet Managing Access to Administration Features
Bullet Directory Services, Overview