Forum Discussion

Matt_Forder_589
Aug 27, 2008

Single Sign-On using RSA+AD

Hi all,

I'm trying to configure single sign-on for our FirePass. We're using RSA SecurID as our primary authentication method, and we'd like to authenticate the additional domain password supplied by the user against AD.

My question is this: in the FirePass admin guide the instructions state "In the Domain Admin name, type a user name that has Active Directory administrative permissions." What I'm hoping someone can tell me is what the minimum set of permissions the AD admin user can have to enable SSO to work.

We have tried giving read-only (r/o) permissions to the AD user. Using the test function, the FirePass can extract the user's full name but fails when it tries to do the challenge/response test.

My main reason for asking is that our AD administrators are rightly nervous about having the FirePass AD user hold full administration rights and would prefer to allocate only the specific privileges required to achieve SSO.

Hoping someone out there can help!
  • Matt,

    I haven't tested this myself, but I think you can assign query-only privilege to the account... again, please take that with a grain of salt.

    Cheers,

    Mal
  • Hi all,

    I'm in the same boat. Another organisation manages AD in the project I'm working on and wants to provide as least-privileged an account as possible. Any detailed AD account requirements would be greatly appreciated.

    Regards,

    Mark