Does Authentication Manager support Microsoft's Managed Service Accounts or Group Managed Service Accounts?
Does the Authentication Manager support Microsoft's Managed Service Accounts or Group Managed Service Accounts?
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- group managed service accounts
- managed service accounts
- RSA SecurID
- RSA SecurID Access
- RSA SecurID Integration
Well, not sure.
Our setup guide doesn't mention anything about it.
What is required is: the account name and password chosen for the AD connection has all permissions necessary to do all the functions on the DC that RSA needs from it (the top domain admin is guaranteed to have this).
If you find you have issues with managing LDAP users or groups on the RSA server, and the account connection is not 'the domain admin', then quickly switch to domain admin and retesting will sort out if it is permissions related.
If the account is dynamically changed or the password is changed, an RSA ops console admin needs to manually update the RSA server.
Question: Are you suggesting that one create a Service Account with Top Level Domain Admin permissions to perform LDAP functions on the DC for the Authentication Manager?
Many setups use a service account yes, with permissions needed for the RSA function to be able to read users and groups from AD and across the scope you set up.
It doesn't have to have full admin rights, but if you have problems with anything AD related, a quick test with admin rights will quickly nail down if the problem is that the service account doesn't have enough permissions.