Version: Spectra Detect 5.2.1

Authentication

General authentication settings

Administration > Spectra Detect Manager > Authentication

Session, cookies and passwords

  • Duration of login session

    How long an authenticated user session will remain active on the appliance, set in seconds, minutes, hours or days. Minimum: 1 minute; maximum: 90 days. The default is 7 days.


The remainder of this section describes federated (single sign-on) login options.

LDAP

Administration > Spectra Detect Manager > Authentication > User Directory: LDAP

Connection

  • LDAP server host

    Host name or IP address of the server providing LDAP authentication. Example: ldap.example.com. Click the Test button to verify the connection to the server.

  • LDAP server port

    LDAP server host port. Defaults: 389 (LDAP) or 636 (LDAPS).

  • TLS

    Select to use a TLS (secure) connection when communicating with the LDAP server.

  • TLS require certificate

    Select to require TLS certificate verification when communicating with the LDAP server.

  • Bind DN or user

    Account used to bind (log in) to the LDAP server when performing searches. DN stands for Distinguished Name. Examples: user@example.com or cn=user,dc=example,dc=com

  • Password

    Password for the Bind user account.

User Schema

  • Base DN

    Root node in LDAP from which to search for users. Example: cn=users,dc=example,dc=com

  • Scope

    Scope of the user directory searches (base, one level, subordinate, subtree).

  • User Object Class

    The objectClass value used when searching for users. Example: user

  • User Name Attribute

    The user name field. Examples: sAMAccountName or cn

Group Schema

The majority of fields in this section are the same as in the User Schema section, except the settings relate to groups.

  • Group Type

    LDAP group membership attribute (Member or Unique Member).

User attribute mapping

  • First name

    Field to map to a user’s first name. Example: givenName

  • Last name

    Field to map to a user’s last name. Example: sn

  • E-mail

    Field to map to email. Example: mail

User access

  • Active flag group

    Group DN. Users will be marked as active only if they belong to this group. Example: cn=active,ou=users,dc=example,dc=com

  • Superuser flag group

    Group DN. Users will be marked as superusers only if they belong to this group. Example: cn=admins,ou=groups,dc=example,dc=com

  • Require group

    Group DN. Authentication will fail for any user that does not belong to this group. Example: cn=enabled,ou=groups,dc=example,dc=com

  • Deny group

    Group DN. Authentication will fail for any user that belongs to this group. Example: cn=disabled,ou=groups,dc=example,dc=com
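The four User access settings interact, so it helps to check a planned configuration against an export of directory memberships before applying it. The following is an added example, not Spectra Detect code: it models the rules as stated above using the page's example group DNs, assumes all four settings are configured and that DNs match case-insensitively, and runs over constructed sample users.

```python
# Added illustration, not Spectra Detect code. Group DNs are the page's examples;
# users and memberships are constructed sample data.
CFG = {
    "active":    "cn=active,ou=users,dc=example,dc=com",
    "superuser": "cn=admins,ou=groups,dc=example,dc=com",
    "require":   "cn=enabled,ou=groups,dc=example,dc=com",
    "deny":      "cn=disabled,ou=groups,dc=example,dc=com",
}
DIRECTORY = {
    "alice": [CFG["require"], CFG["active"], CFG["superuser"]],
    "bob":   [CFG["require"], CFG["active"]],
    "carol": [CFG["require"], CFG["deny"], CFG["active"], CFG["superuser"]],
    "dave":  [CFG["active"], CFG["superuser"]],
    "erin":  ["CN=Enabled, OU=Groups, DC=example, DC=com", CFG["superuser"]],
}

def norm_dn(dn):
    """Assumption: DNs match case-insensitively, ignoring spaces around commas.
    Escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def evaluate(member_of, cfg):
    """Return (authenticated, active, superuser) for one user's group DNs."""
    groups = {norm_dn(g) for g in member_of}
    member = {name: norm_dn(dn) in groups for name, dn in cfg.items()}
    # Require and deny are independent failure conditions: both must pass.
    if not member["require"] or member["deny"]:
        return (False, False, False)
    return (True, member["active"], member["superuser"])

def audit(directory, cfg):
    """Label every account so reviewers can spot lockouts and privilege grants."""
    report = {}
    for user, member_of in directory.items():
        ok, active, superuser = evaluate(member_of, cfg)
        if not ok:
            report[user] = "login refused"
        elif superuser and not active:
            report[user] = "superuser without active flag"
        elif superuser:
            report[user] = "superuser"
        else:
            report[user] = "active" if active else "inactive"
    return report

if __name__ == "__main__":
    for user, finding in audit(DIRECTORY, CFG).items():
        print(f"{user:6} {finding}")
```

Accounts reported as "superuser" or "superuser without active flag" are the ones to review before enabling the configuration, since membership of the superuser group alone grants that flag.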

Select TLS CA Certificate file

  • Select a file to upload

    Clicking Choose File opens a dialog for uploading your own TLS certificate, which is used to verify the identity of the LDAP host. The certificate must be in PEM file format. For the certificate to take effect, both the TLS and TLS require certificate options must be enabled. Certificates can also be uploaded through the Central Configuration Management section on Spectra Detect Manager, if the appliance is connected and authorized on the Manager.

OAuth 2.0 / OpenID Connect

👉 Described in the OpenID guide.

SAML

👉 Described in the SAML guide.