Configuring Global Authentication

You can configure the Authentication Settings for deployment packages.

Important - Use the Unauthenticated mode only for evaluation purposes. Never use this mode for production environments. Configure the authentication settings before moving to production.

To configure authentication settings:

1. In SmartEndpoint open Manage > Endpoint Authentication Settings.
2. Click Add.

   The Active Directory SSO Configuration window opens.

3. Enter the details of the configured Active Directory, taken from the output of ktpass, the Active Directory map service command.

   Field	Description
   Domain name	Active Directory domain name.
   Principle Name	Authentication service name in the format: SERVICE/realm@REALM This value must match what was done in Active Directory > New Object.
   Password	Enter (and confirm) the password of the Active Directory Domain Admin user you created for Endpoint Security use.
   Ticket encryption method	Select the encryption method according to the Active Directory output in the etype field.
   Key version number	Enter the version number according to the Active Directory output in the vno field.

4. Click OK.
5. When you are ready to work in Authentication mode, select Work in authenticated mode in the Authentication Settings pane.

   When you configure client package profiles, you will have to choose an authentication account. The SSO Configuration details will be included in the client package, allowing the server to authenticate the client.

Important - After turning on Strong Authentication, wait one minute before initiating any client operations. It will take time for the clients and the Endpoint Security Management Server to synchronize. During this time, the environment will remain unauthenticated, and some operations will fail. The exact amount of time depends on the synchronization interval.