Explicit Authentication For Reports

Version 3

    Verified Product Versions

    LANDESK Management Suite 2016.xLANDESK Endpoint Manager 2017.x

    Overview

     

    This document goes over configuring explicit authentication for Reporting in LDMS. This impacts web-viewed reports, such as reports run from the web console, and ERP Reports.

     

    Steps

     

    Open IIS Manager and drill down to the "remote" site.

     

    Select the "Report" folder under the "Remote" site.

     

    Double click the "Authentication" action item and then right click "Basic Authentication" and click "Enable". Right click "Windows Authentication" and select "Disable"

     

    Screenshot_2.jpgScreenshot_4.png

     

    Head back to the "Report" folder and select "Authorization Rules". This is where you'll configure access.

     

    By default there will be an Allow rule for All Users. Go ahead and right click that and then remove it.

     

    Next, right click the open space and select "Add Allow Rule". In here, you can allow specific users, specific groups, roles, etc. In the example below I'm allowing domain administrators.

     

    Screenshot_115.png

    After this is done, you should now see that people attempting to access web reports are prompted to login. If they don't meet the criteria in the authorization rules, access will be denied. Below is an example of both when accessing an ERP Report, one with a member of Domain Admins, and one with a user that is not.

     

     

     

    Screenshot_117.pngScreenshot_118.png

     

    Screenshot_119.pngScreenshot_120.png

     

    Note that the full impact of switching to Basic Authentication has not yet been measured. If you run into any issues, please inform Ivanti Support.