External Authentication

RealPresence ITP systems support two roles for accessing the system, an admin role and a user role. Admins can perform administrator activities such as changing configuration, as well as user activities such as placing and answering calls. Users can perform only user-type activities.

The systems provide two local accounts, one for the user role (by default named user) and one for the admin role (by default named admin). The IDs and passwords for these local accounts are stored on the RealPresence ITP system itself.

An administrator can configure the system to grant access using network accounts that are authenticated through an Active Directory (AD) server such as the Microsoft Active Directory server. In this case, the account information is stored on the AD server and not on the RealPresence ITP system. The AD administrator assigns accounts to AD groups, one for RealPresence ITP system admin access and one for user access. For this reason, external authentication is also referred to as Active Directory authentication.

The RealPresence ITP system administrator configures the external authentication settings on the system to specify the address of an AD server for authenticating user logins, the AD group for user access, and the AD group for admin access on the RealPresence ITP system. The system can map only one Active Directory group to a given role.

When External Authentication is enabled in a PKI environment where Always Validate Peer Certificates from Server is enabled on the RealPresence ITP system, configure the Active Directory Server Address on the RealPresence ITP endpoint using the address information that appears in the Active Directory Server's identity certificate. This allows the RealPresence ITP system to successfully validate the Active Directory Server's identity certificate.

As an example, if the Active Directory Server's identity certificate contains its DNS name only, and no specific IP address, configuring the Active Directory Server Address on the RealPresence ITP system using the server's IP address will result in certificate validation failure, and consequently authentication failure. The RealPresence ITP system configuration would have to specify the server by DNS name in this case to successfully match the server certificate data.
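The name-matching rule behind this failure can be checked before the address is entered. The following is an added example, not Polycom code: the host name, IP address and certificate contents are constructed, the certificate dictionary uses the shape returned by Python's ssl.SSLSocket.getpeercert(), and the matching follows general TLS name-checking practice, which is assumed here rather than taken from RealPresence ITP documentation.

```python
import ipaddress

# Constructed sample: a hypothetical AD server certificate whose
# subjectAltName carries a DNS name only and no IP address.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "ad01.corp.example.com"),),
}


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may replace the whole left-most label only."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Reject over-broad wildcards such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def address_matches_cert(configured: str, cert: dict) -> bool:
    """Return True if the configured server address appears in the certificate.

    An IP address is compared only against 'IP Address' entries and a host
    name only against 'DNS' entries, so an IP never matches a DNS name.
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(configured)
    except ValueError:
        ip = None  # not an IP literal, treat as a host name
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(val.strip()) == ip
                   for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, configured)
               for kind, val in sans)


if __name__ == "__main__":
    for addr in ("ad01.corp.example.com", "10.20.30.40"):
        ok = address_matches_cert(addr, SAMPLE_CERT)
        print(f"{addr}: {'match' if ok else 'validation would fail'}")
```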

RealPresence ITP systems support Active Directory on Microsoft Windows Server version 2008 R2 and Microsoft Windows Server 2012.

Note: The RealPresence ITP system local user account is disabled when Enable Active Directory External Authentication is enabled. The admin account remains active and usable.