About authentication methods
An authentication method validates user credentials when a user logs in. Metrics Management supports Metrics Management, Standard, and Windows authentication, and the enterprise-level authentication schemes, Active Directory and LDAP. Metrics Management authentication is the default authentication method.
Windows, Active Directory, and LDAP authentication support using single sign‑on to authenticate to Metrics Management. Single sign-on employs the user's system login information, either Windows domain or LDAP, to authenticate the user to Metrics Management. Metrics Management supports enabling Active Directory or LDAP over Secure Sockets Layer (SSL).
If your organization uses a custom authentication scheme, Actuate can create a custom plug-in to integrate that scheme with Metrics Management. Consult your implementation team for more information.
Metrics Management supports enabling multiple authentication methods within one database. The user chooses an authentication method from the list of available methods when they log in.
Actuate recommends enabling Standard authentication. The Standard authentication method supports:
* Creating users and controlling passwords from within Metrics Management
* Testing functionality available to different user profiles
* Ensuring access to the Metrics Management database, regardless of the availability of the Active Directory or LDAP servers
* Providing access to Metrics Management users who are not registered in the Active Directory or LDAP repositories
Enabling an authentication method
The system specialist chooses an authentication method to make available to users. Each single sign-on method requires configuring the related authentication method. For example, the Active Directory method provides configuration information to the Active Directory Single Sign-On method. Once enabled, the Metrics Management authentication method does not require configuration.
How to enable an authentication method
1 Choose Setup→Configure.
2 In Authentication, select the check box beside an authentication method to enable it. Figure 1‑11 shows Metrics Management and Standard enabled.
Figure 1‑11 Enabling authentication methods
3 To change the order in which authentication methods appear to a user when logging in, select a method. Then, choose Move Up or Move Down.
4 Choose Save.
Configuring the Standard authentication method
A system specialist configures the Standard authentication method by defining Metrics Management password rules. A Standard authentication password must be at least eight characters. Metrics Management supports defining increased password complexity rules. The system specialist can specify a minimum password length of 8, 10, or 12 characters, and require using alphanumeric characters, or alphanumeric and special characters. The supported set of special characters is: ! # $ % - _ = +.
The system specialist can specify the number of days after which a user password expires. After specifying a password expiration period, also specify the number of days in which to notify a user in advance of password expiry. For example, specify a password expiration period of 90 days, and a notification period of 7 days.
Metrics Management supports requiring a user to change their password after an administrator creates an initial password or resets a password, and defining the number of passwords stored in password history. A user may not reuse a password stored in password history. Specify up to a maximum of 10 stored passwords per user.
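The password rules described above, expressed as a checker. This is an added example, not Actuate code or a Metrics Management API; the names StandardPolicy, check_password, remember, and expiry_status are hypothetical. It assumes "alphanumeric" means at least one letter and one digit, that characters outside the listed special set are rejected, and that a password counts as expired on the day the expiration period elapses.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import timedelta

LETTERS, DIGITS = set(string.ascii_letters), set(string.digits)
SPECIALS = set("!#$%-_=+")        # the special-character set listed above

@dataclass
class StandardPolicy:             # hypothetical model, not a product API
    min_length: int = 8           # 8, 10 or 12
    require_special: bool = False # False: only alphanumeric is required
    expire_days: int = 90
    notify_days: int = 7
    history_size: int = 10        # at most 10 stored passwords per user

def _digest(password, salt):
    # Keep history as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password, history, policy):
    """Append a password to the history and trim it to history_size."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    history[:] = history[-policy.history_size:] if policy.history_size else []

def check_password(password, policy, history=()):
    """Return the list of violated rules; an empty list means accepted."""
    if policy.min_length not in (8, 10, 12) or not 0 <= policy.history_size <= 10:
        raise ValueError("policy outside the documented ranges")
    chars, problems = set(password), []
    if len(password) < policy.min_length:
        problems.append("too short")
    if not (chars & LETTERS and chars & DIGITS):   # assumption: letter AND digit
        problems.append("not alphanumeric")
    if policy.require_special and not chars & SPECIALS:
        problems.append("no special character")
    if chars - LETTERS - DIGITS - SPECIALS:        # assumption: others rejected
        problems.append("unsupported character")
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reused")
    return problems

def expiry_status(last_changed, today, policy):
    """Classify a password as 'ok', 'notify' or 'expired' on a given day."""
    expires = last_changed + timedelta(days=policy.expire_days)
    if today >= expires:
        return "expired"
    return "notify" if today >= expires - timedelta(days=policy.notify_days) else "ok"
```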
How to configure the Standard authentication method
1 Choose Setup→Configure.
2 In Properties→Authentication—Authentication methods, select Standard.
3 Choose Configure. Configuration Authentication - Standard appears. Figure 1‑12 shows Configuration Authentication for Standard authentication.
Figure 1‑12 Configuring the Standard authentication method
4 To configure password complexity rules, in Password complexity, make a selection to specify the minimum user password length, and whether to require alphanumeric characters, or alphanumeric and special characters.
5 To define password expiration rules, in Password expiration, perform the following tasks:
* In Password expiration period, specify the number of days after which a user password expires.
* In Password expiration notification, specify the number of days before the password expiration date that a user receives an expiration message during login.
6 To specify that a user must change their password after logging in for the first time or after a password reset, in Login options, select User must change password on first login or after administrator resets password.
7 To specify the number of previous passwords that Metrics Management stores for a user, in Login options, specify a value in Number of previous passwords to store in password history.
8 Choose OK.
Configuring the Active Directory or LDAP authentication method
To configure the Active Directory or LDAP authentication method, provide the server name and port number of the Active Directory or LDAP server. You can enable Active Directory or LDAP over Secure Sockets Layer (SSL) to encrypt user IDs and passwords that travel on the network. If you provide the standard port number of 636 that LDAP uses for SSL, Metrics Management always connects over SSL.
How to configure the Active Directory or LDAP authentication method
1 Choose Setup→Configure.
2 In Properties→Authentication—Authentication methods, select Active Directory or LDAP.
3 Choose Configure. Configuration Authentication appears. Figure 1‑13 shows Configuration Authentication for LDAP.
Figure 1‑13 Configuring the LDAP authentication method
4 To provide a server name and port number for Active Directory or LDAP:
1 Deselect Always use the default server, as shown in Figure 1‑14.
Figure 1‑14 Changing the default server for LDAP
2 Provide a server name and port number.
5 To configure Active Directory or LDAP to use SSL, select SSL.
6 Choose Test Connection to verify that the settings are correct.
7 Choose Save.
Configuring external user definitions
Metrics Management has a user record for every user that logs in using external authentication. Metrics Management supports importing the list of users from the external authentication pool to create the Metrics Management users. Before performing the import, you map key information from the external authentication pool to Metrics Management’s user attributes. For example, you can map the LDAP distinguished name attribute to the Metrics Management user name attribute, then import users from LDAP.
When you map user attributes, Metrics Management contacts your Active Directory or LDAP server and finds all the available attributes that are stored on the server. The Metrics Management name attribute defines how a user appears in Metrics Management. If an attribute does not appear in the list, you can provide one by contacting your network administrator for assistance.
How to map a Windows, LDAP, or AD attribute to a Metrics Management user attribute
1 Choose Setup→Configure.
2 Choose Properties→Authentication. To open User Details for Windows authentication, perform the following tasks:
1 In Authentication methods, select Windows.
2 Choose Configure. User Details appears. Figure 1‑15 shows User Details—Windows.
Figure 1‑15 Opening User Details—Windows
3 To open User Details for LDAP or Active Directory authentication, perform the following tasks:
1 In Authentication methods, select LDAP or Active Directory.
2 Choose Configure. Configuration Authentication appears. Figure 1‑16 shows Configuration Authentication for LDAP.
Figure 1‑16 Configuring the LDAP authentication method
3 Select User Details. User Details appears. Figure 1‑17 shows User Details—LDAP.
Figure 1‑17 Configuring LDAP authentication
4 In User details, to associate a user attribute with a Metrics Management user attribute:
1 Select a cell in the Attribute value column.
2 Choose the drop-down arrow. Then, select an attribute from the list of available user attributes.
3 Choose OK.
5 Choose Save.