Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1536
Views
0
Helpful
1
Replies

Authentication and Single Sign-On

allensurface
Level 4
Level 4

‎04-26-2011 06:07 PM

Does the Ironport support LDAP authentication with Single Sign-On. Or, is it only supported on NTLM? Can you setup multiple authentication realms to the same AD server, but call different AD groups? What I am trying to accomplish is to have single sign-on working and also have users places in certain access policies according to which AD group they are in. For instance, the marketing group would be placed into on access policy while HR would be place in another.

Labels:
0 Helpful
1 Reply 1

edadios
Cisco Employee
Cisco Employee

‎04-26-2011 07:09 PM

Hello,

Single Sign on is done on NTLM.

If you go to your GUI? Top Right Hand side > Support and Help Dropdown >  Select On Line Help > Then search for working with authentication realms

You will see as follows :

An authentication realm is a set of  authentication servers (or a single server) supporting a single  authentication protocol with a particular configuration.
You can perform any of the following tasks  when configuring authentication:
Include up to three authentication  servers in a realm.
Create zero or more LDAP  realms.
Create zero or one NTLM  realm.
Include an authentication server in  multiple realms.
Include one or more realms in an  authentication sequence.
Include realms of different  protocols in a single authentication  sequence.
Assign a realm or a sequence to an  Access Policy group.

You can do what you are trying to do with NTLM.

I hope this answers your query.

Regards,

Eric

0 Helpful
Customers Also Viewed These Support Documents