Through this screen it is possible to configure the Windows authentication server.



Authentication - Faded Windows Server fields


If all options are grayed out as in the image above, select the icon located on the right side of the “Windows Server” option and click it to activate it. Once this is done, the options become available for editing and the Windows Server can be configured correctly.


Below we will specify some fields:

  • LDAP Server: Select the LDAP profile that was created by clicking the add button. Ex.: Primary DC;
  • Workgroup: Defines the domain controller workgroup. Ex.: DOMINIOC;
  • Domain: Defines the domain into which users will be imported. Ex.: dominioc.com;
  • WMI Authentication: Mark this option to use this type of authentication;
  • Timeout: Configure how long a session may stay inactive before it is logged out, with a minimum of 10 seconds and a maximum of 600 seconds of inactivity;
  • Additional Servers: Field meant for the insertion of additional authentication servers. If there is more than one, they must be separated by commas.

After filling in the fields, use the save button in the upper right corner, next to the sync button, to save the changes made in the "servers" section of the "Windows Server" panel.


To add a Windows Server, check this Windows Server - Add Server page.

Single Sign On Authentication


This procedure is approved for Windows Server 2012, Windows Server 2008 and Windows Server 2016.


The BLOCKBIT UTM SSO agent does not need to be distributed among Windows domain devices (workstations). It is an agent that needs to be made available only on the Windows server that owns the domain controller and maintains the AD (Active Directory) on your network, with the role of integrating and synchronizing users.

The SSO client works integrated with AD login events. Therefore, any device that logs into AD will have its session authenticated at the UTM. This includes other operating systems that somehow join AD.

Windows Management Instrumentation - WMI (Agentless Authentication)


Windows Management Instrumentation (WMI) consists of specifications for consolidating the management of devices and applications in Windows Server corporate networks.

These specifications are factory set in the W10, W8, Millennium, 2000, XP and Server 2003, 2012, 2016 and 2019 Windows versions. For previous systems, like Windows 98 and NT 4.0, it can be downloaded and installed.

Warning

In the Blockbit UTM, the WMI service is similar to the SSO Agent; however, IT IS NOT necessary to install the Agent in the AD (Active Directory).


It is necessary to enable the "WMI Authentication" checkbox in the authentication screen - servers - Windows, and to enter the timeout right below it, that is, the time within which the UTM will check the user's sessions with the AD (Active Directory).

Note: The WMI service works only in the Windows authentication method. 


Timeout data:


Default timeout: 15 seconds
Minimum timeout: 10 seconds
Maximum timeout: 600 seconds


WMI - Checkbox and Timeout field


The AD's manager users are set by default with all of the permissions necessary for WMI to work. If it is necessary to allow another user who is not a manager, follow the steps below so that WMI works for that user:


1. In the target server, go to Administrative Tools > Computer Management.


WMI - Settings


2. Expand Services and Applications.

3. Right-click WMI Control and select Properties.



WMI - Properties


4. In the WMI Control properties window, select the Security tab.
5. Click Security.

6. Click "Add" to add a user, such as a monitor user.


WMI - Remote Enable


7. Mark "Remote Enable" for the user or group of users that requires the WMI data.
8. Check that the connection has been made successfully.
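
After step 7, the rights actually granted on the namespace can be audited from PowerShell on the AD server. The script below is an added example, not part of Blockbit's documentation or tooling; the account name `DOMINIOC\svc-wmi` and the namespace `root\cimv2` are assumptions to replace with the user and namespace chosen in the Security tab.

```powershell
# Added example, not Blockbit code. Windows PowerShell 5.1, elevated, on the AD server.
$Account   = 'DOMINIOC\svc-wmi'   # hypothetical non-manager account added in step 6
$Namespace = 'root\cimv2'         # assumption: namespace where the right was granted

# WMI namespace access-mask bits (WBEM_* constants), named as in the Security tab
$Rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}

# Read the namespace security descriptor through the __SystemSecurity class
$sd = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($sd.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed with code $($sd.ReturnValue)" }

# Decode every ACE in the DACL into trustee, type and named rights
$report = foreach ($ace in $sd.Descriptor.DACL) {
    $names = foreach ($r in $Rights.GetEnumerator()) {
        if ($ace.AccessMask -band $r.Value) { $r.Key }
    }
    [pscustomobject]@{
        Trustee = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
        Type    = switch ($ace.AceType) { 0 { 'Allow' } 1 { 'Deny' } default { "Other($_)" } }
        Rights  = $names -join ', '
    }
}
$report | Format-Table -AutoSize

# Least-privilege check for the account: Remote Enable present, no write or ACL-edit rights
$granted = ($report | Where-Object { $_.Trustee -eq $Account -and $_.Type -eq 'Allow' } |
            ForEach-Object { $_.Rights }) -join ', '
if (-not $granted) {
    Write-Warning "$Account has no direct Allow entry (access may come from a group)."
} elseif ($granted -notmatch 'Remote Enable') {
    Write-Warning "$Account lacks Remote Enable: $granted"
} elseif ($granted -match 'Write|Edit Security') {
    Write-Warning "$Account holds more than it needs: $granted"
} else {
    Write-Output "${Account}: Remote Enable present, no write rights ($granted)."
}
```

The table also shows every other trustee on the namespace, which makes it easy to spot entries left over from earlier changes.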

Requirements for running the SSO agent


For the BLOCKBIT SSO agent to work and integrate with the scheduling and login event service, the system requires the .NET Framework version 3.5 to be installed on the Windows server.

To install .NET version 3.5, use the installation features available in the “Server Manager” panel, item [Add roles and features] of your Windows server.

Download the SSO agent file from your network's Windows AD server and save it to a local directory.

In BLOCKBIT UTM, access the Windows Server menu.


Click the link to download the Single Sign On authentication agent, as shown below:


 Click here to download the Single Sign On authentication agent


For the SSO agent installation and configuration procedure, follow the setup tutorial on our website (or click here).