Hostname/IP Address
|
Enter the hostname or IP address of the provider.
|
Description
|
Enter a description of the provider.
|
Type
|
Click the Type drop-down list and choose one of the following types:
Note: A set of fields will appear based on the type that you choose.
|
[LDAP] Settings
|
Bind DN
|
Enter the LDAP bind DN.
|
Base DN
|
Enter the LDAP base DN.
|
Password
|
Enter a password for the LDAP settings.
|
Confirm Password
|
Reenter the password for the LDAP settings.
|
Port
|
Enter the port number for the provider type.
|
Advanced Settings
|
Displays additional fields in the Settings section of the provider dialog box.
|
Timeout (sec)
|
Enter the number of seconds allowed before a timeout occurs. The default is 30.
|
Retries
|
Enter the number of allowed retries. The default is 1.
|
SSL
|
To enable SSL, click to place a check in the SSL check box. To disable SSL, click to remove the check from the SSL check box. The default is enabled.
|
SSL Certificate Validation Level
|
Choose one of the following:
|
Attribute
|
Enter an LDAP attribute in the Attribute text box.
|
Filter Type
|
Choose a filter type:
-
Default
-
Microsoft AD
-
Custom
|
Filter
|
Enter an LDAP filter in the text box. This option only appears when the Custom filter type is chosen.
|
Select Management EPG
|
To add a management EPG:
-
Click Select Management EPG. The Select Management EPG dialog appears with a list of EPGs in the left pane.
-
Click to choose an EPG.
-
Click Select to add the management EPG to the LDAP.
|
Server Monitoring
|
To enable server monitoring, click to place a check in the Enabled check box. To disable server monitoring, click to remove the check from the Enabled check box. The default is disabled.
|
[RADIUS] Settings
|
Key
|
Enter the RADIUS key.
|
Confirm Key
|
Reenter the RADIUS key.
|
Advanced Settings
|
Displays additional fields in the Settings section of the provider dialog box.
|
Port
|
Enter the port number for the RADIUS settings. The default is 1812.
|
Authentication Protocol
|
Choose from the following:
-
PAP—(Default)
-
CHAP
-
MS-CHAP
|
Timeout (sec)
|
Enter the number of seconds allowed before a timeout occurs. The default is 5.
|
Retries
|
Enter the number of allowed retries. The default is 1.
|
Select Management EPG
|
To add a management EPG:
-
Click Select Management EPG. The Select Management EPG dialog appears with a list of EPGs in the left pane.
-
Click to choose an EPG.
-
Click Select to add the management EPG to the RADIUS.
|
Server Monitoring
|
To enable server monitoring, click to place a check in the Enabled check box. To disable server monitoring, click to remove the check from the Enabled check box. The default is disabled.
|
[TACACS+] Settings
|
Key
|
Enter the TACACS+ key.
|
Confirm Key
|
Reenter the TACACS+ key.
|
Advanced Settings
|
Displays additional fields in the Settings section of the provider dialog box.
|
Port
|
Enter the port number for the TACACS+ settings. The default is 1812.
|
Authentication Protocol
|
Choose from the following:
-
CHAP
-
MS-CHAP
-
PAP—(Default)
|
Timeout (sec)
|
Enter the number of seconds allowed before a timeout occurs. The default is 5.
|
Retries
|
Enter the number of allowed retries. The default is 1.
|
Select Management EPG
|
To add a management EPG:
-
Click Select Management EPG. The Select Management EPG dialog appears with a list of EPGs in the left pane.
-
Click to choose an EPG.
-
Click Select to add the management EPG to the TACACS+.
|
Server Monitoring
|
To enable server monitoring, click to place a check in the Enabled check box. To disable server monitoring, click to remove the check from the Enabled check box. The default is disabled.
|
[SAML] Settings
|
Identity Provider
|
Choose from the following identity providers:
-
ADFS—(default)
-
OKTA
-
PING IDENTITY
|
Identity Provider Metadata URL
|
Enter the metadata URL provided by the identity provider.
|
Entity ID
|
Enter a unique ID as the SAML entity identifier.
|
HTTPS Proxy for Metadata URL
|
Enter the HTTPS proxy used to reach the identity provider's metadata URL.
|
Advanced Settings
|
Displays additional fields in the Settings section of the provider dialog box.
|
GUI Redirect Banner Message (URL)
|
Enter the GUI redirect banner message.
|
Certificate Authority
|
To choose a certificate authority:
-
Click Select Certificate Authority. The Select Certificate Authority dialog appears with a list of certificates in the left pane.
-
Click to choose a certificate.
-
Click Select to add the certificate. You return to the Create Provider dialog box.
|
Timeout (sec)
|
Enter the number of seconds allowed before a timeout occurs. The default is 5.
|
Retries
|
Enter the number of allowed retries. The default is 1.
|
Signature Algorithm Authentication User Requests*
|
Click the Signature Algorithm for Requests drop-down list and choose one of the following:
-
RSA SHA1
-
RSA SHA224
-
RSA SHA256 (Default)
-
RSA SHA384
-
RSA SHA512
|
Sign SAML Authentication Requests
|
To enable, click to place a check in the check box. To disable, click to remove the check from the check box. The default is enabled.
|
Sign SAML Response Message
|
To enable, click to place a check in the check box. To disable, click to remove the check from the check box. The default is enabled.
|
Sign Assertions in SAML Response
|
To enable, click to place a check in the check box. To disable, click to remove the check from the check box. The default is enabled.
|
Encrypt SAML Assertions
|
To enable, click to place a check in the check box. To disable, click to remove the check from the check box. The default is enabled.
|
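The following is an added example, not part of the original documentation and not vendor code: a Python check that compares provider settings against the security-relevant defaults listed in the table (LDAP SSL, SAML signing and encryption) and flags the RSA SHA1 signature option. The dictionary layout keyed by GUI label and the sample hosts are constructed for illustration; they are not an export format or API schema of the product.

```python
# Security-relevant defaults as stated in the table above, keyed by GUI label.
SECURE_DEFAULTS = {
    "LDAP": {"SSL": True},
    "SAML": {
        "Sign SAML Authentication Requests": True,
        "Sign SAML Response Message": True,
        "Sign Assertions in SAML Response": True,
        "Encrypt SAML Assertions": True,
    },
}
SIG_LABEL = "Signature Algorithm for Requests"
PAGE_DEFAULT_SIG = "RSA SHA256"
WEAK_SIG_ALGS = {"RSA SHA1"}  # SHA-1 is deprecated for digital signatures

def audit_provider(provider):
    """Return a list of findings for one provider-settings dict."""
    findings = []
    ptype = provider.get("Type")
    for field, default in SECURE_DEFAULTS.get(ptype, {}).items():
        # A field that is absent is treated as left at the GUI default.
        if provider.get(field, default) != default:
            findings.append(f"{ptype}: '{field}' is disabled (default is enabled)")
    if ptype == "SAML":
        alg = provider.get(SIG_LABEL, PAGE_DEFAULT_SIG)
        if alg in WEAK_SIG_ALGS:
            findings.append(f"SAML: {alg} is weak; use {PAGE_DEFAULT_SIG} or stronger")
    return findings

def audit_all(providers):
    """Map each provider's hostname to its findings."""
    return {p.get("Hostname/IP Address", "?"): audit_provider(p) for p in providers}

# Constructed sample input (hypothetical hosts from documentation address ranges).
SAMPLE_PROVIDERS = [
    {"Type": "LDAP", "Hostname/IP Address": "ldap.example.test", "SSL": False},
    {"Type": "RADIUS", "Hostname/IP Address": "192.0.2.10",
     "Authentication Protocol": "PAP"},
    {"Type": "SAML", "Hostname/IP Address": "idp.example.test",
     SIG_LABEL: "RSA SHA1", "Sign Assertions in SAML Response": False},
]

if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_PROVIDERS).items():
        print(host, "OK" if not findings else findings)
```
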