Configuring Microsoft Active Directory
The users that are in Microsoft™ Active Directory are used to authenticate with i2 Analyze. The groups that are in Active Directory are used for authorization in i2 Analyze.
Create Microsoft Active Directory groups that
match the value of the UserGroup attribute of each
<GroupPermissions> element in the i2 Analyze security schema file.
UserGroup
attribute of each <GroupPermissions> element in the security schema.Note: The
security schema that the deployment uses is defined in the
ApolloServerSettingsMandatory.properties file. The security schema, and
properties files are in the
toolkit\configuration\fragments\common\WEB-INF\classes directory.
In a
single sign-on setup, the following users must be present in Active Directory:- A user for the server that hosts the i2 Analyze application, that is mapped to a Kerberos Service Principal Name (SPN).
- The users that are used to log in to i2 Analyze.
To authorize users, the following groups must be present in Active Directory:
- A group for each of the group permission elements in the i2 Analyze security schema.
- A group for administrators.