4.2 Configuring Authentication through an NCSS Director

The NetIQ Cloud Manager administrator can choose to authenticate users logging in with their email addresses through a supported NetIQ Cloud Security Service (NCSS) server. NCSS should already be installed in your environment.

If you choose to let users authenticate through NCSS, you must also use the Secure Sockets Layer (SSL) protocol with it.

This section helps you to prepare the information you need to configure NCSS for Cloud Manager authentication. If you want to use some other authentication service, see Section 4.1, Configuring Authentication to an LDAP Directory, Section 4.3, Configuring LDAP Plus NCSS Authentication, or Section 4.4, Configuring Authentication to Novell Access Manager.

  1. Make sure you know the information you’ll be prompted to provide during the NCSS authentication configuration:

    Information Needed to Configure Authentication to NCSS Director

    Description

    DNS Address of the NCSS Director service

    Specify the DNS name of the server that hosts the NCSS Director service. This address should match the address on the SSL certificate that was issued for the server.

    Path to the SSL Certificate of the NCSS Director server

    Specify the path in the file system where the SSL certificate resides. This certificate must be in DER format.

    If no SSL certificate exists, you can create one by visiting the NCSS Web page in your browser. You can use your browser tools to export the certificate. Remember that it must be in DER format.

    For more information, see Retrieving the Public Certificate of the LDAP Server in the NetIQ Cloud Security Service 1.5 Installation Guide.

    Cloud Manager Administrator user name

    Specify the initial user name that you want to designate as the Cloud Manager administrator.

    This should be the new administrator’s login name or Common Name (CN) and must already exist in your LDAP directory.

    This value is not validated during the configuration. You must be certain that you specify the value correctly so that users can log in through NCSS.

    Cloud Manager Administrator email address

    Specify the email address of the user you want to be the Cloud Manager administrator.

    This email address must already exist as an LDAP attribute of the future administrator. If the user has more than one email address, use the first address in the email attributes list.

    Cloud Manager uses this email address to determine the administrative permissions to apply to the user.

    As you continue running the configuration tool (/opt/netiq/cloudmanager/configurator/config) following the configuration of the Postgres database, the tool displays the following text:

    Authentication Type
    
    1) LDAP
    2) NCSS
    3) LDAP plus NCSS
    4) NAM
    
    Selection:
    
  2. Specify 2 (NCSS) as the authentication type you want to configure.

  3. Follow the prompts and use the information you gathered in Step 1 to complete this segment of the configuration.

After the NCSS authentication configuration, continue with Section 5.0, Installing and Configuring Other Cloud Manager Feature Settings.