Table of contents
How to enable SSO
Contexte: 2.2.1 R2
- Your server must be in a domain
- You must have the licence "LDAP/AD authentication" authorized in the System\Licences view of the NMC
- Configure the LDAP Authentification on the NMC side (application settings):
LDAP_Group_ObjectClass=group (by default)
LDAP_User_LoginAccessKey=sAMAccountName (by default)
LDAP_User_ObjectClass=person (by default)
LDAPAuthentification=true
LDAPMode=ActiveDirectory (example)
LDAPServerAddress=LDAP://IP-LABEL.COM
- Configure the LDAP Authentification on the NRS side (application settings):
Same configuration
LDAP_HTTP_UserProperty=LOGON_USER (by default)
- Run the tool NewtAcSSo310.exe and specify an account in the domain + your LDAP server
This setup will create 2 website in iis: NMCSSO & NRSSSO
- Configure a rule on the NMC side (System\User\companies\Rules\Add rules In the drop down list "Group name" you will be able to browse your AD.
Then use this link by replacing ServerName by your NMC:NRS:NES server name:
http://ServerName/nmcsso/home.aspx
http://ServerName/nrssso/home.aspx
http://ServerName/nessso/home.aspx
How to configure User's Rules
Context : 2.2.1R12 - 3.0
Once LDAP / SSO is properly configurated, you have to add Rules to link your LDAP groups with NMC/NRS User's rights.
For each group in your LDAP, you can choose the User Category (User Favorites, Standard User, IT Managers, Executive Managers, Operator, Administrator).
When a user of one of this LDAP group log for the first time, his account is created automatically in Newtest Database with his Use's category as defined in related rule.
If a rule is modified later, this will not change the User's category for already created users.
You can modify at any time the category of a user from an account with Administrator rights.
Comments