Requirements
To use single sign-on:
- Unity and UnityVSA storage systems must be running OE version 4.0 or later.
- Unisphere Central version 4.0 or later must be used.
- Both the Unisphere Central server and the storage systems must be configured to
  authenticate against the same AD/LDAP directory.
- The LDAP user must be directly mapped to a Unisphere role, or be a member of an
  AD/LDAP group that maps to a Unisphere role on both the storage system and
  Unisphere Central.
- Each storage system must have single sign-on enabled.
- The user must log in as an LDAP user.
In cases where these requirements are not met, the user must log in to the individual
system as a local user and provide authentication credentials to access that system.
You must have Administrator privileges to enable single sign-on. Users with Storage
Administrator, Operator, or VM Administrator privileges cannot enable single sign-on.
Use the following uemcli command to enable single sign-on:
uemcli -d <IP address> -u <username> -p <password> /sys/ur set -ssoEnabled yes
Each storage system that is configured with this feature enabled can be a client of the
centralized authentication server and participate in the single sign-on environment.
For more information about this command, refer to the Unisphere Command Line
Interface User Guide.
Considerations and Restrictions
The following web browsers are supported:
- Google Chrome version 33 or higher
- Microsoft Internet Explorer version 10 or higher
- Mozilla Firefox version 28 or higher
- Apple Safari version 6 or higher
The user session timeout between the web client and centralized authentication
server is 45 minutes.
The application session timeout between the web client and the storage system is one
hour.
Single sign-on process flows
The following sequences represent the authentication process flows related to single
sign-on associated with Unisphere Central.
Access to a storage system through Unisphere Central
1. User launches a web browser on a management workstation and specifies the
network address of Unisphere Central as the URL.
2. The browser is redirected by the web server to a local Unisphere Central login URL
and the user is presented with a login screen.
3. The user types and submits LDAP login credentials. The username is in the form
<LDAP DOMAIN>/username.
Access Control
20 EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide