Profiler - External (Proxy) Authentication

Created: 2012-04-20 08:09:59
Modified: 2019-03-11 12:40:42
Tags: Profiler

Overview of Profiler’s new External Authentication

Connectivity over LDAP is required, same as the usual Profiler setup requirement.  Trusts are not used.
A Security Group is created in the central forest (i.e. ProfilerAdmins on Central.com)]
User(s) made member of the new Security Group (i.e John@central.com). This User is also added to the Profiler Admins list.)
Members of the ProfilerAdmins Security Group will be authorized to use the Profiler External Authentication.
So, you have an account on Central.com (John@central.com) .
But you do not have an account on the individual AD forest you want Profiler to administer.

Profiler Admin Configuration In the Profiler Config (Admin) go to the new ‘ External Authentication ’ tab. External Domain By entering a value you activate Profiler’s external authentication. This allows users from outside of the Profiler connected forest to authenticate as a proxy user. This value is the FQDN of the external domain. Example: acme.com. Host This is the hostname/IP address of a domain controller from the external domain. Admin Group DN This is a full DN of a group object in the external domain. Users who authenticate are checked against this group to allow access to Profiler. If this field is left blank ALL users from the external domain are allowed access after authenticating. Default User DN Enter the full DN of the proxy user account that will be used by the external users.

Profiler User tool login Log to the Profiler User tool using your Central.com account (i.e John@central.com). Select the desired External Domain. What this does is log you in by proxy to a pre determined proxy administrator account in the individual forest.

Share this article:
Knowledgebase

Directory
  1. Directify - Self Service

  2. Mimic - Replication

  3. UnitySync - Sync
Password
  1. emPass - Sync
Obsolete
  1. Profiler
  2. SimpleSync