Configuring NetIQ eDirectory back-end authentication

To enable NetIQ eDirectory back-end authentication

1. Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
2. Select Authentication Server > Authentication Back-Ends.
3. Select Enabled for the NetIQ eDirectory back-end server.
4. Click SAVE.

To add a NetIQ eDirectory back-end server record

1. Log on to the OneSpan Authentication Server Administration Web Interface (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
2. Switch to the BACK-END tab and select Register eDirectory Back-End.
3. Fill in the necessary fields. Note that Timeout is mandatory.
4. Click CREATE.

Within NetIQ eDirectory, different password verification mechanisms exist for different services requested. OneSpan Authentication Server Appliance uses SASL Digest-MD5 LDAP authentication, which is only supported using the simple password mechanism. Successful authentication with eDirectory therefore requires one of two options:

1. Configuring the simple password manually for each user account within NetIQ eDirectory.
2. Enabling universal passwords to automatically synchronize all password mechanisms within NetIQ eDirectory. For more information about configuring universal passwords, refer to the NetIQ eDirectory product documentation.

To adjust the authentication policy settings, follow the same instructions as provided for RADIUS back-end authentication (see Configuring RADIUS back-end authentication), using NetIQ eDirectory instead of RADIUS as the back-end protocol.

To create a client record and assign the policy, follow the same instructions as provided for RADIUS back-end authentication (see Configuring RADIUS back-end authentication).