Typically, when you initially configure Directories Management, you use the connectors supplied with your existing vRealize Automation infrastructure to create an Active Directory connection for user ID and password-based authentication and management. Alternatively, you can integrate Directories Management with other authentication solutions such as Kerberos or RSA SecurID.

The identity provider instance can be the Directories Management connector instance, third-party identity provider instances, or a combination of both.

Table 1. User Authentication Types Supported by Directories Management

Authentication Types

Description

Kerberos

Kerberos authentication provides domain users with single sign-on access to their apps portal, eliminating the requirement for domain users to sign in to their apps portal again after they log in to the enterprise network. Directories Management validates user desktop credentials using Kerberos tickets distributed by the key distribution center (KDC).

Certificate

Certificate-based authentication can be configured to allow clients to authenticate with certificates on their desktop and mobile devices or to use a smart card adapter for authentication.

Certificate-based authentication is based on what the user has and what the user knows. An X.509 certificate uses the public key infrastructure standard to verify that a public key contained within the certificate belongs to the user.

RSA SecurID

When RSA SecurID authentication is configured, Directories Management is configured as the authentication agent in the RSA SecurID server. RSA SecurID authentication requires users to use a token-based authentication system. RSA SecurID is a recommended authentication method for users accessing Directories Management from outside the enterprise network.

RADIUS

RADIUS authentication provides two-factor authentication options. You set up the RADIUS server that is accessible to the Directories Management service. When users sign in with their user name and passcode, an access request is submitted to the RADIUS server for authentication.

RSA Adaptive Authentication

RSA authentication provides stronger multi-factor authentication than user name and password authentication against Active Directory alone. When RSA Adaptive Authentication is enabled, the required authentication prompts are determined by the risk indicators specified in the risk policy set up in the RSA Policy Management application and by the adaptive authentication configuration in the Directories Management service.