Manual Chapter : About AD Auth

Applies To:

Show Versions Show Versions


  • 15.0.1, 15.0.0
Manual Chapter

About AD Auth

An AD Auth action authenticates a user against an AAA Active Directory server. An authentication action typically follows a logon action that collects credentials.
When configured in a per-request policy subroutine, some screen elements and options described here might not be available.
Specifies Authentication, the type of this Active Directory action.
Specifies an Active Directory server; servers are defined in the
area of the Configuration utility.
Cross Domain Support
Specifies whether AD cross domain authentication support is enabled for this action.
Complexity check for Password Reset
Specifies whether Access Policy Manager (APM) performs a password policy check. APM supports these Active Directory password policies:
  • Maximum password age
  • Minimum password age
  • Minimum password length
  • Password must meet complexity requirements
APM must retrieve all related password policies from the domain to make the appropriate checks on the new password.
Because this option might require administrative privileges, the administrator name and password might be required on the AAA Active Directory server configuration page.
Enabling this option increases overall authentication traffic significantly because APM must retrieve password policies using LDAP protocol and must retrieve user information during the authentication process to properly check the new password.
Show Extended Error
When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
Max Logon Attempts Allowed
Specifies the number of user authentication logon attempts to allow. A complete logon and password challenge and response is considered as one attempt.
For a per-request policy subroutine, equivalent functionality is supported through subroutine settings.
Max Password Reset Attempts Allowed
Specifies the number of times that APM allows the user to try to reset password.