Configure Airlock IAM for web applications

Procedure-related prerequisites

  • None.

Instruction

  1. Go to: Loginapp >> Application Settings.
  2. Edit the Target Application for the web application.
  3. Configure a Kerberos Identity Propagator (requires Airlock Gateway) as Identity Propagator.
  4. Set the following values:
    • Kerberos Users: Configure the plugin Kerberos User Definition.
  5. Edit the Kerberos User Definition.
  6. Set the following values:
    • Username Attribute: <YOUR sAMAccountName or USER's UPN>
    • Windows Domain: <YOUR ACTIVE DIRECTORY DOMAIN WHICH CONTAINS THE USER>
    • Mapping Name: <YOUR AIRLOCK GATEWAY MAPPING>
  7. Risk
    • Windows Domain: In cross-domain setups, it is highly recommended to configure the username precisely.
    • This can be achieved in one of two ways:
      • Configure the sAMAccountName in Username Attribute and set the Windows Domain.
      • Configure the User UPN in Username Attribute and leave the Windows Domain empty.
    • Do not configure both the User UPN in the Username Attribute and the Windows Domain.
  8. Notice
    • Mapping Name: This is an optional field.
  9. Click on the Activate button.
  10. The configuration has been updated successfully.
 
Functional limitation

HIGH – Only one Kerberos user per Airlock Gateway session

  • Ensure that only one Kerberos user is set without Mapping Name.
  • If a different user should be propagated to a specific web application, define a Kerberos user with the Mapping Name (see Example).
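
The following check is an added example, not part of the Airlock documentation or product. It applies the Risk rule from step 7 and the one-unmapped-user limitation above to a list of Kerberos User Definitions. The KerberosUserDef record, its field names and the sample values are assumptions made for illustration; "username" stands for the value the Username Attribute resolves to.

```python
from dataclasses import dataclass


@dataclass
class KerberosUserDef:
    """Hypothetical record of one Kerberos User Definition (not Airlock's schema)."""
    username: str             # value the Username Attribute resolves to
    windows_domain: str = ""  # empty means "not configured"
    mapping_name: str = ""    # empty means "applies to the whole Gateway session"


def lint(defs):
    """Return findings for the rules stated on this page; an empty list means clean."""
    findings = []

    # Functional limitation: only one Kerberos user may lack a Mapping Name.
    unmapped = [d for d in defs if not d.mapping_name.strip()]
    if len(unmapped) > 1:
        findings.append(
            f"{len(unmapped)} Kerberos users without Mapping Name; only one is allowed"
        )

    for d in defs:
        label = d.mapping_name.strip() or "<no mapping>"
        is_upn = "@" in d.username          # a UPN has the form user@domain
        has_domain = bool(d.windows_domain.strip())
        if is_upn and has_domain:
            # Explicitly ruled out by the Risk note.
            findings.append(f"{label}: UPN combined with Windows Domain")
        elif not is_upn and not has_domain:
            # sAMAccountName alone is imprecise in cross-domain setups.
            findings.append(f"{label}: sAMAccountName without Windows Domain")
    return findings


# Constructed sample definitions (all names are made up).
SAMPLE = [
    KerberosUserDef("jdoe", "CORP.EXAMPLE"),                          # valid, unmapped
    KerberosUserDef("jdoe@corp.example", "", "app1-mapping"),         # valid, mapped
    KerberosUserDef("svc@corp.example", "CORP.EXAMPLE", "app2-mapping"),  # UPN + domain
    KerberosUserDef("admin"),                                         # second unmapped, no domain
]

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```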

Further information and links