6 Replies Latest reply on Oct 24, 2019 10:41 AM by rfackrell

    Authentication - EOC 2.1

    rfackrell

      Hey jblankjblank,

      In the old EOC there was an option under the Manage SolarWinds Servers to 'Import Active Directory Accounts from this SolarWinds Server into EOC'.
      Is that hidden somewhere in the EOC v2.1?

       

      Here is our over arching problem:
      Our Users are able to log into the EOC with their AD Creds, but if they click on anything that takes them to a Regional Server, it logs them in as the EOC Account, not their AD.
      We've been testing the "Use Custom Credentials' but it seems that Every User must get to 'Manage Servers' and input their own creds when they log into the EOC. That's just not convenient for a larger company. Am I missing a setting here somewhere to pass the individual log in info?

      Thanks!

        • Re: Authentication - EOC 2.1
          cobrien

          Hi there! jblankjblank has moved on to a new challenge at SolarWinds.  I'm handling EOC now.

           

          Unfortunately there is not an option in EOC 2.1 to import Active Directory accounts from Orion instances.  You're correct that pass through today requires going through Manage Servers.

           

          If you could wave a magic wand and have this work however you would like, how would it work?

            • Re: Authentication - EOC 2.1
              chippershredder

              Hey Chris (cobrien)!

               

              What is "Manage Servers"?  Is this part of the EOC settings configuration?  Are you referring to "Manage SolarWinds Sites"?

               

              I am using EOC in an environment that uses 2FA (CAC) for authentication.  There is no way to specify a username and password for each user in EOC that would be used in a drill-down to the SolarWinds content site.  We are already authenticating EOC access using group account management, just as we are with the Orion sites.  This works well and I can see the user and their granted access group in the title bar.  However, when the user selects an event or object to get more details and they are sent to the SolarWinds site, they are connected using the designated default account in the site properties of EOC.  I do not want to grant elevated access to an account that already violates the security practices (2FA) in our environment.

               

              Is it possible to pass through the current session credentials to the drill-down SolarWinds site?  Are there impersonation issues preventing this redirection?

               

              I agree with rfackrell, importing the credential sets from the Orion instances is not necessary and, in the scenario presented here, doesn't seem to make a difference during drill down.

               

              Thank you for any guidance!

            • Re: Authentication - EOC 2.1
              rfackrell

              Hey cobrien,
              Thanks for answering Back! At least we have an answer and can move forward.
              So it would be great if a user were to log into the EOC using the same AD Credentials, and when ever the EOC Opened a new windows to a regional poller, it would pass that credential.

              One thing I wondered is if there might be a Variable that could be put into the Custom Credentials.

              I'm not sure that importing AD is really necessary, Just my limited understand is thats how it worked in EOC 1.6.


              As I'm typing this I'm wondering if the implementation of SAML Support will make this possible.