Configure Airlock IAM for web applications

Procedure-related prerequisites

  • None.

Instruction

  1. Go to: Loginapp >> Application Settings.
  2. Edit the Target Application for the web applications.
  3. Configure a Kerberos Identity Propagator (requires Airlock Gateway) as Identity Propagator.
  4. Set the following values:
     • Kerberos Users: Configure the plugin Kerberos User Definition
  5. Edit the Kerberos User Definition.
  6. Set the following values:
     • Username Attribute: <YOUR sAMAccountName or USER's UPN>
     • Windows Domain: <YOUR ACTIVE DIRECTORY DOMAIN WHICH CONTAINS THE USER>
     • Mapping Name: <YOUR AIRLOCK GATEWAY MAPPING>
     • Windows Domain: In cross-domain setups, it is highly recommended to configure the username precisely. This can be achieved by one of the following:
       • Configure the sAMAccountName in Username Attribute and set the Windows Domain.
       • Configure the user's UPN in Username Attribute and leave the Windows Domain empty.
       Do not configure both the user's UPN in the Username Attribute and the Windows Domain.
     • Mapping Name: This is an optional field.
  7. Click on the Activate button.
  • The configuration has been updated successfully.

HIGH – Only one Kerberos user per Airlock Gateway session

  • Ensure that only one Kerberos user is configured without a Mapping Name.
  • If a different user should be propagated to a specific web application, define a Kerberos user with a Mapping Name (see Example).

Further information and links