Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Integration with other solutions

Integration with Active Directory, Active Directory Federation Services and FreeIPA

Authentication using domain accounts

Kaspersky Unified Monitoring and Analysis Platform
Нет результатов
Knowledge Base Online Help
FAQ Solution overview Forum Contact support Product videos

Authentication using domain accounts

April 8, 2024

ID 221427

Get as PDF

To enable users to perform authentication in the KUMA web interface using their own domain account credentials, perform the following configuration steps.

  1. Enable domain authentication if it is disabled.

    Domain authorization is enabled by default, but a connection to the domain is not configured.

  2. Configure a connection to the domain controller.

    The following connections are available:

    The AD and ADFS connection settings can be configured at the same time.

    You can connect to one domain only.

  3. Add groups of user roles.

    You can specify a domain group for each KUMA role. After performing authentication using their domain accounts, the users from this group get access to the KUMA web interface in accordance with the specified role.

    The application checks whether the user's group matches the specified filter in the following order of precedence of roles in the KUMA web interface: Junior analyst → Tier 1 analyst → Tier 2 analyst → Tenant administrator → General administrator. Upon the first match, the program assigns a role to the user and does not check any further. If a user matches two groups in the same tenant, the role with the least privileges will be used. If multiple groups are matched for different tenants, the user will be assigned the specified role in each tenant.

Special considerations for logging in after configuring domain authentication

For successful authentication, the following conditions must be met:

  • FreeIPA: when logging into the system, the user must capitalize the domain name in the login. Example: user@FREEIPA.COM.
  • AD/ADFS: when logging into the system, the user must specify UserPrincipalName in the login. Example: user@domain.ru.

If you complete all the configuration steps but the users are not able to use their domain accounts for authentication in the KUMA web interface, it is recommended to check the configuration for the following issues:

  • An email address is not indicated in the properties of the user account in Active Directory. If this is the case, an error message is displayed during the user's first authentication attempt and a KUMA account is not created.
  • There is already an existing local KUMA account with the email address indicated in the domain account properties. If this is the case, the error message is displayed when the user attempts to perform authentication with the domain account.
  • Domain authorization is disabled in the KUMA settings.
  • An error occurred when entering the group of roles.
  • The domain user name contains a space.

In this section

Enabling and disabling domain authentication

Configuring connection between KUMA and FreeIPA

Configuring connection between KUMA and Active Directory

Configuring connection between KUMA and Active Directory Federation Services

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.