Authentication Overview - Metasys - LIT-1201528 - General System Information - Metasys System - 10.1

Security Administrator System Technical Bulletin

Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
10.1
Revision date
2020-01-21

Security is based on user accounts and roles. Roles are groups of users with a specific function within the Metasys system. To access the system, an administrator provides a username and the password. When creating users within the Metasys system, use ASCII characters only. Do not use the characters @ or \ to create Metasys local user names. The @ and \ characters are reserved for Active Directory service user names that are added to the system.

Note: If the Microsoft Active Directory service feature and Microsoft Windows® Workstation SSO are both enabled for use by the Metasys system, you generally do not need to specify your username and password. The Active Directory service credentials that you specified when you logged in to the OS are automatically passed to the Security Administrator system for authentication. For details, see Overview of Active Directory Service Implementation on the Metasys System.

Click Login on the Login screen to send your user credentials. If Active Directory service is enabled, you also need to select your user domain or enter a local username and select Metasys Local from the domain selection drop-down menu. If RADIUS is enabled, you also need to select your user domain, enter a local username and select RADIUS from the domain selection drop-down menu.

For local users, the extended architecture Security Administrator system authenticates the user’s information against the Security database. For Active Directory service enabled users, the selected Active Directory service domain authenticates the user (no Security database authentication occurs). For RADIUS enabled users, the selected RADIUS server authenticates the user (no Security database authentication occurs).

A unique session opens when your user credentials match the login requirements. The session allows access to the system for a configurable period. When the credentials do not match, a dialog box appears indicating that the credentials are incorrect or user access is denied. (For more details on possible login error messages, see Table 1.) The security system generates an audit trail and tracks all login attempts.

Note: The default password for the MetasysSysAgent user and Operator user accounts on new or re-imaged devices has a default password that is expired and must be changed at the first login.

When you click Login, the IPv4 address of the computer you are using is recorded in the Metasys Audit file. You can view the login transaction by opening the Audit Viewer. If the user logs in to the Metasys Advanced Reporting System and the SMP UI the SMP UI login time is recognized as the last login time. If the user logs in for the first time, the status box indicates Never as the last login time.