Views:
Logging on to the EUQ management console using SSO requires the following:

Procedure

  1. Verify that LDAP1 or LDAP2 servers are enabled and specified as in use for Active Directory (IP address or domain name or FQDN).
  2. Verify that the DNS server is configured for IMSS contains the record of the Kerberos service.
  3. Verify that the endpoint operating system supports (and enables) Kerberos authentication:
    • Time should be synchronized between IMSS and the Kerberos authentication service.
    • Using FireFox: The about:config link is configured to add the negotiate-auth trusted url list.
    • Using Internet Explorer: The EUQ management console is added to the internal site list.
    • The Windows integrated authentication setting in Internet Explorer is enabled.
    • Using Windows Vista or above, use the hostname as the instance when generating a keytab file.
  4. Verify that only one EUQ management console instance is mapped to one user account. If the instance is mapped to more than one user, SSO will not work.
  5. If EUQ is deployed in a parent-child deployment, verify that you are using the parent device’s 8447 port to access EUQ. SSO will not work if a child’s port is used.
  6. Verify that the account provided on the LDAP Settings screen has permission to look up all accounts for authentication.