I'd like to implement passthrough authentication on our K1000 for user servicedesk. I did find a previous article listing that it is not a supported feature dated April 2011. Has this changed at all? Has anyone had success implementing some sort of workaround?
3 Comments   [ + ] Show Comments

Comments

  • What version of the appliance are you running?
  • Just upgraded to 6.3 this weekend.
    • You should be able to turn on Single Sign On in the security settings.
      • I was under the impression that SSO would just grab user credentials from AD. My goal is to have users bypass the login screen altogether.

        edit: aaaaand looking at the documentation, I am wrong. Cheers!
      • According to this KB article they don't have to enter their credentials again: http://documents.software.dell.com/k1000-systems-management-appliance/6.3/administrator-guide/getting-started-with-the-k1000-systems-management-appliance/configuring-user-accounts-ldap-authentication-and-sso/configuring-single-sign-on-sso/about-user-authentication-for-single-sign-on

        I don't know if that bypasses the screen altogether, however. Have you enabled SSO but you're still seeing the login page? We have not enabled it in our environment but I am curious about how it works.
      • I'll be looking more into it tonight, but from what I read at https://support.software.dell.com/k1000-systems-management-appliance/kb/111863 it appears as though some IE settings need to be changed too, which should be simple enough as our intranet already uses SSO. And yes, it should bypass login if setup correctly.
  • Well that was incredibly simple. Settings > Security Settings > Single Sign On > Active Directory.

    Make sure you have LDAP working already and you're good on the KACE side. As for windows, you'll need a GPO to distribute your K1000 as a trusted server, and allow authentication to be sent over LAN:

    Computer Comfiguration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone > Logon Options > Enable "Automatic logon with current username and password"
    Computer Comfiguration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List > add your site to zone 1
Please log in to comment

There are no answers at this time

Answers

Answer this question or Comment on this question for clarity

Share