User Authentication (Novell Only)
Accessing Novell Users with Single Sign On (SSO)
The FaxPress Single Sign On (SSO) mechanism allows the network administrator to use NDS (or Novell bindery servers) to authenticate and administer FaxPress users. It provides the ability to control access to FaxPress by using Novell administration tools such as NWADMIN.
By tightly integrating with Novell Directory Services, FaxPress automatically creates user groups on NDS and allows you to specify which network users have access to FaxPress and what their privilege level is. To log on to FaxPress, a user needs to be logged on to NDS (or a bindery file server) and be a member of one of the FaxPress groups. When the user first logs on to FaxPress, a mailbox is automatically created for this user using the network name with which they log on to the network. The administrator has full control over how this mailbox is created and which properties will be assigned to it, such as which NDS print queue will be assigned to the user.
To add a new user to FaxPress, all the administrator needs to do is add the user to one of the FaxPress groups. When the user is removed from the group, they will not be granted access to FaxPress. SSO also provides an automated way to clean up unused mailboxes for users who are removed from the groups.
FaxPress Authentication Methods
FaxPress allows the supervisor to select the method by which users will be authenticated and granted access to FaxPress. The following authentication methods are available:
■ | FaxPress Native Authentication — User needs to log on to FaxPress by specifying a user name and a password. This method is always available, even for SSO enabled FaxPress servers. |
■ | NDS Authentication — User needs to be logged on to a specified context on NDS in order to be able to log on to FaxPress. No additional password is required for FaxPress. |
■ | Bindery File Server Authentication — User needs to be logged on to a specified Novell File Server in order to be able to log on to FaxPress. No additional password is required for FaxPress. |
SSO Groups
In general, when users log on to a Novell network, they receive privileges based on membership in a group. In particular, if you use FaxPress Single Sign On, FaxPress privileges are granted based on membership in FaxPress-specific groups. There are two basic kinds of FaxPress groups: “serial number groups” and “global groups”.
Serial number groups are used to convey privileges to your users for a specific FaxPress server. Global groups are used to convey privileges to all your FaxPress servers. For example, to define a user that can access every FaxPress server in your network with User privileges, add them as a member to the global group FAXPRESS_User. If in addition you want to give this user supervisor privileges on FaxPress server serial number 08001111, add this user as a member to the serial number group named “08001111_Supervisor”.
If the user is a member of both a serial number group and a global group, the serial number privilege level takes precedence.
Serial Number Groups
When you installed the Novell NDS Network FaxPress server, the installation program created FaxPress Novell user groups called Serial Number Groups in your server installation context.
For example, suppose that a particular FaxPress has a serial number of 08101111. Then, to allow serial number privileges, use your Novell network Administrative Tools (such as NWAdmin or NetAdmin) to assign users to groups with the following names:
■ | 08101111_User — User* |
■ | 08101111_Router — Router* |
■ | 08101111_Operator — Operator* |
■ | 08101111_Supervisor — Supervisor* |
*Refer to user privilege definitions in Creating User Accounts.
In an NDS environment, these groups will be created in the same context in which the FaxPress is installed.
In a Novell Bindery environment, these groups will be created on the FaxPress master file server (the server that the FaxPress server software is installed on).
Global Groups
Membership in FaxPress Single Sign On can also be defined for groups of FaxPress servers by pointing them to a global membership group in a shared space. When users are added to the global group, their privileges are defined for every FaxPress server that shares the global group.
To allow global privileges:
■ | Enable global groups on each server for which you want to manage members on a global basis, and locate the global groups in the same context. FaxPress will create the groups for you. |
■ | Add users using Novell administrative tools to any of the following group names: |
■ | FAXPRESS_User — User* |
■ | FAXPRESS_Router — Router* |
■ | FAXPRESS_Operator — Operator* |
■ | FAXPRESS_Supervisor — Supervisor* |
*Refer to user privilege definitions in Creating User Accounts.
In an NDS environment, global groups can be created anywhere in the NDS tree and the privileges granted will match membership in the group. For example, if there are FaxPresses installed in regional contexts and the global groups exist in a corporate context, an administrator will only have to update the global groups to control the privileges of all FaxPresses.
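The precedence rule from SSO Groups and the group names from the two sections above can be checked against an exported membership list before enabling SSO. The following is an added example, not code from FaxPress or Castelle: the function names and sample data are constructed, serial numbers are assumed to be 8 digits as in the page's examples, names are assumed to match case-insensitively, and membership in more than one group of the same kind is flagged rather than resolved because the page does not define that case.

```python
import re

# Group names follow the page: <serial>_<Level> or FAXPRESS_<Level>.
# Assumptions: serial numbers are 8 digits (as in the page's examples) and
# names are compared case-insensitively.
GROUP_RE = re.compile(r"^(FAXPRESS|\d{8})_(User|Router|Operator|Supervisor)$", re.I)

def parse_group(name):
    """Return (scope, level); scope is 'global' or a serial number. None if not a FaxPress group."""
    m = GROUP_RE.match(name.strip())
    if not m:
        return None
    prefix, level = m.group(1).upper(), m.group(2).capitalize()
    return ("global" if prefix == "FAXPRESS" else prefix), level

def effective_privilege(groups, serial, global_enabled=True):
    """Resolve one user's privilege on one server: serial number groups beat global groups."""
    by_scope = {"serial": set(), "global": set()}
    for scope, level in filter(None, map(parse_group, groups)):
        if scope == serial:
            by_scope["serial"].add(level)
        elif scope == "global" and global_enabled:
            by_scope["global"].add(level)
    source = "serial" if by_scope["serial"] else "global"
    levels = by_scope[source]
    if not levels:
        return None, None            # no FaxPress group: no SSO access
    if len(levels) > 1:
        return "AMBIGUOUS", source   # page does not define this case; flag for review
    return next(iter(levels)), source

def audit(memberships, serial, global_enabled=True):
    """Map each user to (level, source) for the given server serial number."""
    return {u: effective_privilege(g, serial, global_enabled) for u, g in memberships.items()}

# Constructed sample export of group memberships (not real data).
SAMPLE = {
    "alice": ["FAXPRESS_User", "08001111_Supervisor"],
    "bob":   ["FAXPRESS_Supervisor", "08101111_User"],
    "carol": ["Staff"],
    "dave":  ["08101111_User", "08101111_Operator"],
}

if __name__ == "__main__":
    for serial in ("08001111", "08101111"):
        print(serial, audit(SAMPLE, serial))
```

Note that the rule works in both directions: "bob" holds global Supervisor membership but resolves to User on server 08101111, because the serial number group takes precedence there.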
Automatic Creation of Mailboxes
Once you have enabled SSO on the FaxPress server and added the users to the above groups, the users can log in to FaxPress. The user needs to first log in to either NDS or the file server that the administrator specified. When the user tries to log in for the first time, they will be prompted either to create a new mailbox or to connect to an existing mailbox.
If you are upgrading from a previous version of FaxPress, please connect to your existing mailbox.
You will be prompted to enter the password for the last time. Once the SSO mailbox is created, you will not be prompted to enter your previous password again.
If a new mailbox is created, the user’s network logon name will be used as the mailbox name. The user’s “Fully qualified Network Name” (FNN) will be associated with this mailbox. An FNN is a unique identifier for a user that includes the server name or NDS context that contains the user. If for any reason this association needs to be removed so the user can log on to a different mailbox, the administrator can remove the association through the user properties user interface (refer to Network Details).
To configure Single Sign On, do the following.
1. | Login to FaxPress with supervisor privileges. |
2. | Right click on the [Server Name] folder and select Properties from the context menu. |
3. | Use the right arrow at the top of the properties dialog box to leaf through the server properties tabs. Click on the User Authentication tab to display the User Authentication Dialog Box. |
The User Authentication dialog box will only be enabled if you have the Novell IntraNetware client installed on your workstation.
4. | Select the method of user authentication that you would like to utilize in How should FaxPress authenticate users. |
The default is With FaxPress native authentication only, which means that users must use a login ID and password in order to use FaxPress. This setting has no additional parameters.
The FaxPress Single Sign On feature requires the existence of FaxPress groups. These are created by the FaxPress server installation program in the server installation context. There are two different kinds of FaxPress groups: serial number groups and global groups. For more information regarding Single Sign On and the concepts of groups refer to Novell Single Sign On.
1. | If you are on a Novell NDS network and want to enable Single Sign On, select With Novell NDS authentication using the network login ID. |
Highlight a choice and click OK to assign the NDS context. The mandatory FaxPress user groups must exist in the selected context.
If you would like to use the global FaxPress user groups, select Also, use global FaxPress groups. You can accept the default location or click on Browse to specify the NDS context.
The FaxPress global groups will be created in the selected context.
c. | Click on OK to return to the User Authentication dialog box. |
3. | Specify new mailbox template parameters in the When automatically creating a new mailbox section. Select a mailbox type in the scroll-down list for Mailbox template based on. |
The scroll-down list will include every user defined in the Users folder of the Administration branch as a possible choice for your template. In this case, we create an NDS-specific user called NDS_Template. You can create your own template or use any other defined user account.
4. | FaxPress can be configured to allow Single Sign On users direct access. This means that the users do not have to be logged on to the Novell network in order to access FaxPress. |
■ | If you want to make FaxPress directly accessible, set a password for FaxPress users; for pre-existing FaxPress users, you can elect to leave the current password unchanged. |
■ | If you assign a random password, your FaxPress users will only be able to access FaxPress through their Novell network login. |
■ | You can assign passwords for two cases of users: |
■ | Novell users new to FaxPress |
a. | For new FaxPress users, select Set password to and enter the password in the edit box, to enable your users to access FaxPress directly (when they are not logged into a Novell network). |
b. | For new FaxPress users, select Generate random password to disable direct user access to FaxPress (users will have to be logged into a Novell network to access FaxPress). |
Novell users with existing FaxPress user mailboxes.
a. | For existing FaxPress users, select Leave Password Unchanged or Set password to and enter the password in the edit box, to enable your users to access FaxPress directly (when they are not logged into a Novell network). |
b. | For existing FaxPress users, select Generate random password to disable direct user access to FaxPress (users will have to be logged into a Novell network to access FaxPress). Their current FaxPress password will be changed to a random one once the mailbox is converted. |
5. | Click on OK to return to the User Authentication dialog box. When you have completed configuring your user authentication parameters, click OK to set the new configuration. The following message will be displayed: |
Single Sign On is now enabled, but to implement this feature you must add your Novell network users to the FaxPress serial and/pr global groups.
FaxPress WebHelp
Last Updated: 9/12/2007
Castelle 855 Jarvis Drive, Suite 100 Morgan Hill, CA 95037 Toll-free 800.289.7555 Tel 408.852.8000 Fax 408.852.8100 |