Authentication
General authentication settings
Administration > Spectra Detect Manager > Authentication
Session, cookies and passwords
-
Duration of login session
How long an authenticated user session will remain active on the appliance, set in seconds, minutes, hours or days. Minimum: 1 minute; maximum: 90 days. The default is 7 days.
The remainder of this section describes federated (single sign-on) login options.
LDAP
Administration > Spectra Detect Manager > Authentication > User Directory: LDAP
Connection
-
LDAP server host
Host name or IP address of the server providing LDAP authentication. Example: ldap.example.com. Click the Test button to verify the connection to the server.
-
LDAP server port
LDAP server host port. Defaults: 389 (LDAP) or 636 (LDAPS).
-
TLS
Select to use a TLS (secure) connection when communicating with the LDAP server.
-
TLS require certificate
Select to require TLS certificate verification when communicating with the LDAP server.
-
Bind DN or user
User to use when logging in to the LDAP server for searches. DN stands for Distinguished Name. Examples: user@example.com or cn=user,dc=example,dc=com
-
Password
Password for the Bind user account.
User Schema
-
Base DN
Root node in LDAP from which to search for users. Example: cn=users,dc=example,dc=com
-
Scope
Scope of the user directory searches (base, one level, subordinate, subtree).
-
User Object Class
The objectClass value used when searching for users. Example: user
-
User Name Attribute
The user name field. Examples: sAMAccountName or cn
Group Schema
The majority of fields in this section are the same as in the User Schema section, except the settings relate to groups.
-
Group Type
LDAP group membership attribute (Member, Unique Member).
User attribute mapping
-
First name
Field to map to a user’s first name. Example: givenName
-
Last name
Field to map to a user’s last name. Example: sn
-
E-mail
Field to map to email. Example: mail
User access
-
Active flag group
Group DN. Users will be marked as active only if they belong to this group. Example: cn=active,ou=users,dc=example,dc=com
-
Superuser flag group
Group DN. Users will be marked as superusers only if they belong to this group. Example: cn=admins,ou=groups,dc=example,dc=com
-
Require group
Group DN. Authentication will fail for any user that does not belong to this group. Example: cn=enabled,ou=groups,dc=example,dc=com
-
Deny group
Group DN. Authentication will fail for any user that belongs to this group. Example: cn=disabled,ou=groups,dc=example,dc=com
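The four User access rules above can be modelled as follows. This is an added example, not the product's own code: `AccessConfig`, `evaluate_access` and `norm_dn` are hypothetical names. It assumes that an empty group field skips that check and that DNs compare case-insensitively with whitespace around commas ignored.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


def norm_dn(dn: str) -> str:
    # Normalize a DN for comparison: trim each component and lowercase it.
    # Simplification (assumption): escaped commas inside values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))


@dataclass
class AccessConfig:
    active_group: Optional[str] = None     # "Active flag group"
    superuser_group: Optional[str] = None  # "Superuser flag group"
    require_group: Optional[str] = None    # "Require group"
    deny_group: Optional[str] = None       # "Deny group"


def evaluate_access(cfg: AccessConfig, user_groups: Iterable[str]) -> dict:
    # user_groups: the group DNs the directory reports for this user.
    # Assumption: a group field left empty means that check is skipped.
    groups = {norm_dn(g) for g in user_groups}

    def member(group_dn: str) -> bool:
        return norm_dn(group_dn) in groups

    reasons = []
    if cfg.require_group and not member(cfg.require_group):
        reasons.append("not in require group")
    if cfg.deny_group and member(cfg.deny_group):
        reasons.append("in deny group")

    return {
        "authenticated": not reasons,
        "reasons": reasons,
        # A flag is granted only through membership of its configured group;
        # None means no flag group is configured, so this model does not decide.
        "active": member(cfg.active_group) if cfg.active_group else None,
        "superuser": member(cfg.superuser_group) if cfg.superuser_group else None,
    }
```

Membership of the deny group fails authentication even for a user who is also in the require group, so a deny group can act as a revocation list without touching other memberships.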
Select TLS CA Certificate file
-
Select a file to upload
The dialog that opens when clicking Choose File allows the user to upload their own TLS certificate for verifying the LDAP host identity. The certificate must be in PEM file format. To apply the certificate, the options TLS and TLS require certificate must be enabled. It is also possible to upload certificates through the Central Configuration Management section on Spectra Detect Manager, if the appliance is connected and authorized on the Manager.
OAuth 2.0 / OpenID Connect
👉 Described in the OpenID guide.
SAML
👉 Described in the SAML guide.