Adding or Editing a Domain with NT Domain Authentication

To configure a domain with NT Domain authentication:
1. On the Portals > Domains page, click Add Domain or the Configure icon for the domain to edit. The Add Domain or Edit Domain window is displayed.
2. If adding the domain, select NT Domain from the Authentication Type menu. The NT Domain configuration fields will be displayed.

3. If adding the domain, enter a descriptive name for the authentication domain in the Domain Name field. This is the domain name selected by users when they authenticate to the SRA appliance portal. It may be the same value as the NT Domain Name.
4
5. Enter the NT authentication domain in the NT Domain Name field. This is the domain name configured on the Windows authentication server for network authentication.
6. Enter the name of the layout in the Portal Name field. Additional layouts may be defined in the Portals > Portals page.
7. Optionally select the Enable client certificate enforcement check box to require the use of client certificates for login. By checking this box, you require the client to present a client certificate for strong mutual authentication. Two additional fields will appear:
   Verify user name matches Common Name (CN) of client certificate - Select this check box to require that the user’s account name match their client certificate.
   Verify partial DN in subject - Use the following variables to configure a partial DN that will match the client certificate:
8. Select the Delete external user accounts on logout check box to delete users who are not logged into a domain account after they log out.
9. Select the Auto-assign groups at login check box to assign users to a group when they log in.

Users logging into NT domains are automatically assigned in real time to SRA groups based on their external NT group memberships. If a user’s external group membership has changed, their SRA group membership automatically changes to match the external group membership.

10. Optionally select the One-time passwords check box to enable the One-time password feature. A drop-down list will appear, in which you can select if configured, required for all users, or using domain name. These are defined as:
   if configured - Only users who have a One Time Password email address configured will use the One Time Password feature.
   required for all users - All users must use the One Time Password feature. Users who do not have a One Time Password email address configured will not be allowed to log in.
   using domain name - Users in the domain will use the One Time Password feature. One Time Password emails for all users in the domain will be sent to username@domain.com.
11. If you select using domain name, an E-mail domain field appears below the drop-down list. Type in the domain name where one-time password emails will be sent (for example, abc.com).
12. Click Accept to update the configuration. Once the domain has been added, it is listed in the table on the Portals > Domains page.
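
The three one-time password modes in step 10 decide both who receives a code and who can no longer log in. The following Python sketch is an added example, not SonicWall code: it models the behaviour as described in steps 10 and 11 and reports, for a constructed list of accounts, who would be locked out or would log in without a one-time password under each mode. The User class, the function names and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Mode strings are the three drop-down choices named in step 10.
IF_CONFIGURED = "if configured"
REQUIRED = "required for all users"
USING_DOMAIN = "using domain name"


@dataclass
class User:
    name: str
    otp_email: Optional[str] = None  # per-user One Time Password email address, if set


def otp_outcome(user, mode, email_domain=None):
    """Return (login_allowed, otp_recipient); recipient is None when no code is sent."""
    if mode == IF_CONFIGURED:
        # Only users with an address configured use the feature.
        return True, user.otp_email
    if mode == REQUIRED:
        # Users without an address configured are not allowed to log in.
        return (user.otp_email is not None), user.otp_email
    if mode == USING_DOMAIN:
        if not email_domain:
            raise ValueError("E-mail domain must be set for 'using domain name'")
        # Every user's code goes to username@<E-mail domain> (step 11).
        return True, f"{user.name}@{email_domain}"
    raise ValueError(f"unknown one-time password mode: {mode!r}")


def audit(users, mode, email_domain=None):
    """List users who would be locked out, and users who would log in without a code."""
    locked_out, no_otp = [], []
    for u in users:
        allowed, recipient = otp_outcome(u, mode, email_domain)
        if not allowed:
            locked_out.append(u.name)
        elif recipient is None:
            no_otp.append(u.name)
    return {"locked_out": locked_out, "no_otp": no_otp}


# Constructed sample accounts (not from any real directory).
SAMPLE_USERS = [User("alice", "alice@example.com"), User("bob"), User("carol")]

if __name__ == "__main__":
    for mode in (IF_CONFIGURED, REQUIRED, USING_DOMAIN):
        print(mode, "->", audit(SAMPLE_USERS, mode, email_domain="abc.com"))
```

Running the audit against an export of the domain's accounts before switching to required for all users shows which accounts need an email address first.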