Configuring Authentication Settings

Configure the settings in Endpoint Security for client-to-server authentication.

Important:

Use the Unauthenticated mode only for evaluation purposes. Never use this mode for production environments. Configure the authentication settings before moving to production.

How the Authentication Settings are Used in Deployment Packages

When you configure client package profiles, you select an authentication account. The SSO Configuration details are included in the client deployment package, which allows the server to authenticate the client.

To configure authentication settings:

  1. In Endpoint Security, go to the Endpoint Settings view > the Authentication Settings tab.
  2. Click Add.

    The New Authentication Principal window opens.

  3. Enter the details from the output of ktpass.exe that you configured in Step 1 of 3: Configuring the Active Directory Server for Authentication:

    | Field | Description |
    |---|---|
    | Domain name | Active Directory domain name. For example: nac1.com |
    | Principle Name | Authentication service name in the format: ServiceName/realm@REALM. This value must match the name that was configured in Active Directory > New Object. For example: tst/nac1.com@NAC1.COM |
    | Version Key | Enter the version number according to the Active Directory output in the vno field. For example: 7 |
    | Encryption method | Select the encryption method according to the Active Directory output in the etype field. For example: RC4-HMAC |
    | Password | Enter (and confirm) the password of the Active Directory Domain Admin user you created for Endpoint Security use. For example: 123456 |

  4. Click Add.
  5. When you are ready to work in Strong Authentication mode, select Work in authenticated mode in the Authentication Settings tab.

Important:

After you turn on Strong Authentication, wait one minute before you initiate any client operations.

It takes time for the clients and the Endpoint Security Management Server to synchronize. During this time, the environment remains unauthenticated, and some operations fail. The exact amount of time depends on the Active Directory scanner (see Managing Active Directory Scanners).
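
A mistyped vno, etype, or principal in step 3 leaves the server unable to authenticate clients, so it helps to read those values straight from the ktpass.exe output instead of retyping them. The following Python sketch is an added example, not part of the product or its documentation. The function name, the sample output (constructed from this page's example values), and the rule that the realm must equal the domain name are assumptions.

```python
import re

# Constructed sample of ktpass.exe output; the values are this page's examples
# and the key bytes are a placeholder, not a real key.
SAMPLE_KTPASS_OUTPUT = """\
Key created.
Output keytab to outfile.keytab:
Keytab version: 0x502
keysize 58 tst/nac1.com@NAC1.COM ptype 1 (KRB5_NT_PRINCIPAL) vno 7 etype 0x17 (RC4-HMAC) keylength 16 (0x00112233445566778899aabbccddeeff)
"""

# The line ktpass.exe prints for the key it wrote to the keytab.
KEY_LINE = re.compile(
    r"keysize\s+\d+\s+(?P<principal>\S+)\s+ptype\s+\d+\s+\([^)]*\)\s+"
    r"vno\s+(?P<vno>\d+)\s+etype\s+0x[0-9a-fA-F]+\s+\((?P<etype>[^)]+)\)"
)
# ServiceName/realm@REALM, the format required for the principal field.
PRINCIPAL = re.compile(r"^([^/@\s]+)/([^/@\s]+)@([^/@\s]+)$")


def principal_fields(ktpass_output, domain_name):
    """Return the values to enter in the New Authentication Principal window.

    Raises ValueError when the key line is missing, the principal is not in
    ServiceName/realm@REALM form, or the realm does not match domain_name.
    """
    key = KEY_LINE.search(ktpass_output)
    if key is None:
        raise ValueError("no 'keysize ... vno ... etype ...' line in ktpass output")
    principal = key.group("principal")
    parts = PRINCIPAL.match(principal)
    if parts is None:
        raise ValueError("principal is not ServiceName/realm@REALM: " + principal)
    _service, realm, upper_realm = parts.groups()
    # Assumption taken from the page's example (tst/nac1.com@NAC1.COM): both
    # realm parts name the AD domain, and the part after '@' is upper case.
    if realm.lower() != domain_name.lower() or upper_realm != domain_name.upper():
        raise ValueError("realm in %s does not match domain %s" % (principal, domain_name))
    return {
        "Domain name": domain_name,
        "Principle Name": principal,
        "Version Key": int(key.group("vno")),
        "Encryption method": key.group("etype"),
    }


if __name__ == "__main__":
    for field, value in principal_fields(SAMPLE_KTPASS_OUTPUT, "nac1.com").items():
        print("%-18s %s" % (field, value))
```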