24.2 Advanced Authentication Terminologies and Their Usage

In this chapter we have used some terminologies that are specific to Advanced Authentication. This section provides brief information on those terminologies. For detailed information about Advanced Authentication, refer to the Advanced Authentication server guide on the Advanced Authentication documentation page.

The following table describes the Advanced Authentication terminologies that are used in this chapter:

Repository

Usage in Advanced Authentication: Used for storing user information. This information can be retrieved from any LDAP directory, such as eDirectory or Active Directory.

Usage in Privileged Account Manager: You must create an Advanced Authentication repository for each domain that is used in Privileged Account Manager.

If an account is created in Privileged Account Manager's Credential Vault, the repository name must be the same as the domain name specified in the Credential Vault.

NOTE: If you require secondary authentication for local users of Privileged Account Manager, add those local users to the Local repository of the Advanced Authentication server before configuring the secondary authentication details.

Methods

Usage in Advanced Authentication: Used for defining the type of authentication. It displays the list of available authentication methods. You can modify the settings for each method as per your requirement.

Usage in Privileged Account Manager: Only the supported methods can be used for secondary authentication. For a list of the methods supported in Privileged Account Manager, refer to Supported Authentication Methods.

Chain

Usage in Advanced Authentication: Used for defining a combination of authentication methods. Users must authenticate themselves with all the authentication methods that are specified in a chain.

For example, if you create a chain that combines Email OTP and SMS, the user is first prompted to enter the One-Time Password that is sent to their registered email address. If that OTP is correct, the system then sends an SMS with a One-Time Password to the registered mobile number.

Usage in Privileged Account Manager: A chain must be a combination of supported methods only. For the list of supported methods, refer to Supported Authentication Methods.

If a chain combines supported and unsupported methods, user authentication fails.

Endpoint

Usage in Advanced Authentication: Used for identifying a device or server that contains a database.

Usage in Privileged Account Manager: Privileged Account Manager uses a single endpoint for the primary and backup servers.

NOTE: Privileged Account Manager facilitates adding the endpoint to the Advanced Authentication server. This endpoint must be available before you can create an event. For information about adding an endpoint, refer to Configuring Advanced Authentication Server.

Event

Usage in Advanced Authentication: Used for configuring the chains and user categories that can be used for any endpoint.

Usage in Privileged Account Manager: There must be a separate event for Privileged Account Manager.

Only chains that consist of supported methods must be added to this event.

You must add the endpoint that you create through Privileged Account Manager to the Endpoint whitelist of the Advanced Authentication server.