Technical Documentation

Download PDFs
Creating an Authentication Realm (NSM Procedure)

Creating an Authentication Realm (NSM Procedure)

To create an authentication realm:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the Infranet Controller device for which you want to create an authentication realm.
Click the Configuration tab. In the configuration tree, select Administrators > Admin Realms or Users > User Realms.
Add or modify settings on the General tab as specified in Table 1.
Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 1: Authentication Realms Configuration Details

Option	Function	Your Action
Realm Name	Specifies a unique name for the authentication realm.	Enter the name.
Description	Describes the authentication realm.	Enter a brief description for the authentication protocol.
When editing, start on the Role Mapping page	Specifies whether the Role Mapping tab should be selected when you open the realm for editing.	Select this option to start editing on the Role Mapping page.
Authentication	Indicates the authentication server for authenticating the users who sign in to this realm.	Select the authentication. Note: The Infranet Controller supports RADIUS proxy for both inner and outer authentication. RADIUS proxy allows you to use an external RADIUS server for authentication. If the authentication server for a realm is a RADIUS server, three option buttons are visible: Proxy RADIUS Inner Authentication, Proxy RADIUS Outer Authentication, and Do not proxy. If the authentication server is not a RADIUS server, the proxy check boxes are hidden. See “Using RADIUS Proxy.” When RADIUS proxy is used, realm or role restrictions cannot be enforced. Host Checker policies, source IP restrictions, and any other limits that have been assigned are bypassed. RADIUS proxy should be used only if no restrictions have been applied.
Directory/Attribute	Specifies the directory or attribute server to use.	Select this option to specify which directory or attribute server to use.
Accounting	Specifies the RADIUS accounting server to use.	Select this option to specify which RADIUS accounting server to use. Note: If the LDAP server is down, user authentication fails. You can find messages and warnings in the event log files. When an attribute server is down, user authentication does not fail. Instead, the groups or attributes list for role mapping and policy evaluation is empty.
Enable Dynamic policy evaluation	Enables an automatic timer for dynamic policy evaluation of this realm’s authentication policy, role mapping rules, and role restrictions.	Select this option to enable dynamic policy evaluation. Note: If you select Dynamic policy evaluation and you do not select Refresh roles and Refresh resource policies, the Infranet Controller evaluates the realm’s authentication policy, role mapping rules, and role restrictions only. Because dynamic policy evaluation can potentially impact system performance, keep these guidelines in mind: Automatic (timer-based) refreshing of user roles and resource policies can affect system performance. You can improve performance by disabling either or both of the Refresh roles and Refresh resource policies options to reduce the scope of the refresh. You can improve performance, by setting the Refresh interval option to a longer time period. Use the Refresh Now button at times when users may not be affected.
Refresh roles	Refreshes the roles of all users in this realm. (This option does not control the scope of the Refresh Now button.)	Select this option to refresh roles.
Refresh policies	Refreshes the resource policies (not including Meeting and Email Client) for all users in this realm. (This option does not control the scope of the Refresh Now button.)	Select this option refresh policies.
Refresh interval (minutes)	Specifies how often you want the Infranet Controller to perform an automatic policy evaluation of all currently signed-in realm users. Specify the number of minutes (5 to 1440).	Enter the frequency in minutes.