After you have passed through the authentication process, the authorization step is next. Authorization is the process of verifying that a known, authenticated user has the authority to perform a certain operation. Within this process, you determine your access rights by looking up your permissions in the Metasys Security database. You may assign Active Directory service user permissions directly or through Metasys roles. You determine permissions in the same manner as for a Metasys local user.
If authorization is successful, the Metasys SMP UI appears. If either authentication or authorization fails, or if SSO is disabled, the Metasys SMP UI login screen reappears and you must continue the login process by entering either your Active Directory service or Metasys local credentials.
Table 1 lists scenarios that may occur when you log in.
|
Are You Logged in to OS as Active Directory Service User? |
Does Active Directory Service User Account Exist in the Metasys System? |
Action When You Attempt SSO Login |
|---|---|---|
|
Yes |
Yes |
SSO login permitted. Metasys login screen does not appear. |
|
Yes |
No |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, this message appears:
|
|
Yes |
Yes |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, system access is permitted. |
|
Yes |
No |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, this message appears:
|
|
No |
Yes |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, system access is permitted. |
|
No |
No |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, this message appears:
|
|
No |
Yes |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, system access is permitted. |
|
No |
No |
SSO login not permitted. Login screen appears with message:
If you try to log in with your Active Directory service credentials, this message appears:
|
To log out, click the Logout button on the SMP UI of the Metasys server. This action returns you to the Metasys login screen (or Warning Banner screen, if enabled), but does not log you out of Microsoft Windows or the Active Directory service. The login screen (or the Warning Banner screen, if enabled) also appears if your session becomes inactive and times out.
If you exit the Metasys system by closing the Metasys SMP UI window, you are logged out, but the Metasys login screen does not appear.
Active Directory service passwords are not maintained or cached within the Metasys Security database; therefore, they cannot be changed using the Metasys SMP UI. The Security Administrator system maintains passwords for Metasys local accounts.