Active Directory integration for Self Service portal
I've gotten SecurID set up, tokens added, and have my AD server set as an Identity Source. I can query it and get a list of users in the Security Console.
When I go to set up Self Service -> Select Identity Source, the AD identity source does not show up. I feel like I am missing a step somewhere. I've attempted to log into the Self Service portal using my AD account, which has a token associated with it.
Can anyone help?
It sounds like you have the identity source linked successfully to the system (Setup > Identity Sources > Link Identity Source to System).
I can see where you'd think there should be a drop-down listing all identity sources under Setup > Self-Service Settings and clicking on Select Identity Sources, but try manually entering the FQDN of the identity source, as shown here, and clicking Save.
Thanks for your help, but this didn't seem to work. I tried the FQDN of our domain controller and also the Identity Source Name I used in the original setup. If I go to Select User Groups, I don't see my AD identity source there either. Any other ideas?
The Self Service -> Select Identity Source area is just a friendly identifier... See the hover-over below.
As for Group information, that is Internal Identity Source only... From the help section of the page:
Note: Users can request additional user group membership after enrolling in Self-Service, as long as the user group resides in the internal database.
I saw that too when I was following Erica's suggestion. Any idea on how to link Active Directory to the self-service portal? I have the identity source configured and can use it to assign tokens to users. I can't find any documentation on how to link AD to self-service. There must be some option buried somewhere I am missing.
You can let users log in with their AD password by setting up the "Self-Service Console Authentication" option.
In the Security Console, navigate to "Settings" then "Self Service Settings", then under the "Customization" box in the lower left corner, select "Self-Service Console Authentication".
There you can adjust the way users can log into the self-service portal. You can use any combination of RSA_Password, LDAP_Password, and SecurID_Native (token).
(Example) Console Authentication Method: LDAP_Password/SecurID_Native
Word to the wise: have someone else test the settings before you log out!
Sorry, this didn't work either. The default is set to "RSA_Password/LDAP_Password/SecurID_Native" by default. I just added "LDAP_Password" and no luck. I reverted it back to the default.
Any other ideas?
With those default settings, you should be able to log into the Self Service Console using your AD credentials. Try using just your AD username (no domain) and your AD password.
There is a difference between 'self service console' and what others call a 'Portal'.
You may be using SSP, which doesn't follow the setup recommendations that have been posted here; it is different.
Can you send a picture of the login page you are seeing (you can hide the URL; we want to see the rest of the page, though)?