Remote Authentication and Authorization

Harmony Controller can be configured to use remote servers for authentication and authorization. These servers may be based on one of the following protocols:

When you use a remote server based on one of these protocols, both authentication and authorization are managed at the external server, and user data is stored on the remote server. Typically, all enterprise systems connect to the central authentication and authorization server. Users are created and managed at the central server. Access to various enterprise systems and functions is provided through attributes stored in the user’s profile.

Remote authentication and authorization workflow

Step 1: Configure the external authentication server.
Configure the remote authentication server. This configuration includes details about the access method and location of the remote server. Ensure that you provide accurate details to avoid login failures.
Step 2: Create access groups.
Create access groups for various user profiles. Access groups allow users to access resources irrespective of their roles. For more information, see Role-Based Access Control (RBAC). Note that the access group information configured in a user’s profile on the remote server must match the access groups in the provider’s account in Harmony Controller.
Step 3: Configure the access attribute in the user profile on the authentication server.
Configure the Harmony Controller attribute and the access group of the user on the remote server.

On successful authentication, the remote server returns a user profile along with the access attribute. If the access groups specified in the access attribute match the access groups in the Provider account, the user logs in with the access authorization defined by those Access Groups. Users with an invalid access group fail to log in to Harmony Controller even after they successfully authenticate.
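
Because a mismatched access group blocks login even when authentication succeeds, it helps to check remote user profiles against the provider's access groups before rollout. The following is an added example, not Harmony Controller code: it assumes the access attribute is a comma-separated list of group names, that matching is exact and case-sensitive, and that every listed group must exist in the provider account. All group names and users are constructed.

```python
# Added example: audit remote user profiles against the provider's access groups.
# Assumptions (not from the product documentation): the access attribute is a
# comma-separated string of group names, matching is exact and case-sensitive,
# and a user is admitted only if every listed group exists in the provider account.

def parse_access_attribute(raw):
    """Split the attribute value into group names, dropping empty entries."""
    if raw is None:
        return []
    return [g.strip() for g in raw.split(",") if g.strip()]

def audit_user(raw_attribute, provider_groups):
    """Return (status, detail) for one user profile.

    status is "ok", "missing-attribute", or "unknown-group".
    detail maps each unknown group to a near-miss suggestion (or None).
    """
    groups = parse_access_attribute(raw_attribute)
    if not groups:
        return "missing-attribute", {}
    # Case-folded index, used only to suggest the likely intended group.
    by_folded = {g.casefold(): g for g in provider_groups}
    unknown = {}
    for g in groups:
        if g not in provider_groups:
            unknown[g] = by_folded.get(g.casefold())
    return ("unknown-group", unknown) if unknown else ("ok", {})

def audit_directory(profiles, provider_groups):
    """Audit every profile; return only the users who would fail to log in."""
    provider_groups = set(provider_groups)
    findings = {}
    for user, raw in profiles.items():
        status, detail = audit_user(raw, provider_groups)
        if status != "ok":
            findings[user] = (status, detail)
    return findings

# Constructed sample data: group names and users are invented for illustration.
PROVIDER_GROUPS = {"net-admins", "app-operators", "read-only"}
PROFILES = {
    "alice": "net-admins,read-only",
    "bob": "Net-Admins",               # case mismatch with "net-admins"
    "carol": "",                       # attribute present but empty
    "dave": "app-operators, auditors", # "auditors" not defined in provider account
}

if __name__ == "__main__":
    for user, (status, detail) in sorted(audit_directory(PROFILES, PROVIDER_GROUPS).items()):
        print(user, status, detail)
```

The near-miss suggestion separates a typing or case error in the directory from a group that was never created in the provider account.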