User authentication / Identity provider
Select and configure the identity manager you use for user authentication.
Active Directory
Option | Example | Description
---|---|---
Server (A) (1) | ldaps://dc.int.sampletec-01.com:636 | LDAP protocol and FQDN, or the IP address of the AD server (Domain Controller). For LDAPS, you need a Base64-encoded CA certificate, see below.
Base | DC=int,DC=sampletec-01,DC=com | LDAP search base of the Active Directory domain
Group template | SCG_Group_ | Prefix used for the newly created AD groups. The prefix is used to authenticate users and assign devices to OUs of the Scout Server. Only users who are members of an AD group with this configured prefix can log on to the Scout Cloud Gateway.
CA certificates | | Base64-encoded CA certificate (.pem) for secure LDAPS communication (LDAP over SSL). To convert from .der to .pem, use openssl: `openssl x509 -inform der -in cert.cer -out cert.pem`

(1) The numbering (A)-(E) refers to the graphical representation of the connection process, see Integrating new devices.
- To check whether you can connect to the AD service with the specified AD data (without a new route), click Test connection. Enter the username and password of a test user and click Connect.
Note: The username must be specified as a user principal name (UPN). Example: mmi@int.sampletec-01.com
OpenID Connect / Keycloak
View the configuration data for your Keycloak client in the Keycloak administration console under Installation > Format Option: Keycloak OIDC JSON.
For further information on configuring Keycloak, see Configuring Keycloak.
Option | Example | Description
---|---|---
Keycloak realm | ScoutEnterpriseCloudGateway | Name of the realm you have created in the Keycloak administration console for your environment
Keycloak server auth URL | https://keycloak.int.sampletec-01.com:8443/auth | Server authentication URL as specified in your Keycloak client on the Installation tab. Note: For authentication via Keycloak, only HTTPS is supported. For this you need a CA certificate.
Keycloak client ID | SCG | Name of your Keycloak client you have specified in Keycloak under Settings > Client ID
Keycloak client secret | u14n936i-2642-43fc-o911-8n5de21a0e76 | Key generated by Keycloak for your Client ID, in Keycloak under Credentials > Secret
Scout Cloud Gateway authentication
The Scout Cloud Gateway supports a token-based logon for the registration of new devices. You may create as many tokens as you like and give them to users to register their device.
You can have a token created automatically or create it manually.
- To create a new token, click Add token. Assign an OU to the token.
- Select Identity provider Scout Cloud Gateway.
- Enter a new token (option A). A token must have a minimum of 16 and a maximum of 50 characters. Allowed characters:
  - alphanumeric characters (a-z, A-Z, 0-9)
  - special characters (!?#%&()<=>@^~*+,./:;_-)
- Generate a new token (option B) (from SCG 1 2209. In previous versions, for each new entry a token is generated automatically which you may replace with individual names (16 characters in length))
- ID for the OU in which the user’s device is to be registered during on-boarding
- Delete token / entry
- Create a new entry
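
The token rule for option A, as an added example that is not part of the Scout Cloud Gateway product: it checks a candidate token against the length and character set stated above and draws a conforming token from the operating system's CSPRNG. The function names are hypothetical and the sample tokens are constructed.

```python
import math
import secrets
import string

# Policy as stated on this page: 16 to 50 characters, drawn from
# a-z, A-Z, 0-9 and the listed special characters.
MIN_LEN, MAX_LEN = 16, 50
SPECIALS = "!?#%&()<=>@^~*+,./:;_-"
# Explicit ASCII set: str.isalnum() would also accept non-ASCII letters.
ALLOWED = frozenset(string.ascii_letters + string.digits + SPECIALS)


def token_problems(token: str) -> list[str]:
    """Return the reasons a token breaks the policy (empty list = valid)."""
    problems = []
    if not MIN_LEN <= len(token) <= MAX_LEN:
        problems.append(f"length {len(token)} is outside {MIN_LEN}-{MAX_LEN}")
    bad = sorted({c for c in token if c not in ALLOWED})
    if bad:
        problems.append("characters not allowed: " + " ".join(map(repr, bad)))
    return problems


def generate_token(length: int = 32) -> str:
    """Draw each character from the OS CSPRNG over the full allowed alphabet."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    alphabet = sorted(ALLOWED)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random token of this length, in bits."""
    return length * math.log2(len(ALLOWED))


if __name__ == "__main__":
    # Constructed sample tokens, not real credentials.
    for sample in ("Branch-Office_01", "too-short", "has space and $ in token"):
        print(repr(sample), token_problems(sample) or "ok")
    t = generate_token()
    print(t, f"{entropy_bits(len(t)):.0f} bits")
```

A hand-picked name such as the first sample passes the policy but carries far less entropy than a random token of the same length, so the figure from `entropy_bits` applies only to generated tokens.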
User/password authentication
Up to eLux RP 6.10, SCG users were defined with a password. For compatibility reasons, this method is still supported.
- Select Support user/password authentication and add new user entries.