ESM supports creating and managing local accounts within ESM itself to handle authentication and permissions in the UI. In many environments, however, it’s more convenient for users to authenticate to ESM with their existing login credentials rather than a new set of local ones: users have one fewer set of credentials to remember, and administrators no longer need to provision and manage accounts in ESM. McAfee ESM supports authentication against a number of different enterprise authentication sources; the most commonly used is Active Directory. In this walkthrough we'll outline the process of connecting your SIEM to AD for login authentication.
To enable AD Login Authentication:
1. Identify or create an AD group that you would like to use to control access to the SIEM. Ensure all users that you would like to have access to ESM are members of the designated AD group.
2. Create an ESM group. Log into ESM as the NGCP user. Open the Users and Groups management screen in ESM (System Properties/Users and Groups). Create a new User Group in ESM with the exact same name as the designated group in AD.
3. Enable your desired set of permissions for your users within the ESM User Group you have created. Pay special attention to the Privileges and Devices tabs. For initial testing, you might choose to be fairly liberal with your permissions here. Feel free to repeat steps 1-3 for additional groups, if you have multiple groups (perhaps with different permissions) that you’d like to enable. You can always add additional groups in the future if desired.
4. Enable AD authentication. Select System Properties/Login Security. In this tab, click Add to create the definition for your Domain Controller. Enter your Domain Name, and click Add to enter AD address information. Apply changes and then close the AD dialog.
5. Test authentication. Open the web interface to ESM in another browser window. Authenticate with your Microsoft Windows domain credentials (in a simple one-AD configuration like we have, there is no need to provide the domain name). You should find that you are transparently authenticated to ESM, with the proper permissions associated with your group. If you examine the list of users in System Properties/Users and Groups, you should find that a new user account was transparently provisioned in the ESM, with the proper group membership applied.
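Two things in this procedure are easy to get wrong silently: the ESM User Group name must match the AD group name exactly, and every intended user must actually be an (effective) member of that group. The following PowerShell pre-flight script is an added example, not part of the original walkthrough or any McAfee tooling. It assumes the RSAT ActiveDirectory module is installed on a domain-joined Windows host; `ESM-Analysts` and `dc01.example.local` are placeholder values for the group from step 1 and the Domain Controller address from step 4, and the LDAP ports 389/636 are the standard ones rather than anything the article specifies.

```powershell
# Added example (not from the original article): pre-flight checks before enabling AD login in ESM.
# Assumes the RSAT ActiveDirectory module and a domain-joined host; $GroupName and
# $DomainController are placeholders to replace with your own values.
param(
    [string]$GroupName        = 'ESM-Analysts',        # placeholder: the AD group chosen in step 1
    [string]$DomainController = 'dc01.example.local'   # placeholder: the DC entered in Login Security
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Confirm the group exists and capture its exact name. ESM matches the group name
#    literally, so copy $group.Name (not a retyped approximation) into the ESM User Group.
$group = Get-ADGroup -Identity $GroupName -Server $DomainController -ErrorAction Stop
Write-Host "AD group found. Use this exact name for the ESM User Group: '$($group.Name)'"

# 2. List the effective user members (nested groups expanded). Every account that should be
#    able to log in to ESM must appear here; these are the accounts ESM will auto-provision.
$members = Get-ADGroupMember -Identity $group -Server $DomainController -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Server $DomainController -Properties Enabled |
    Select-Object SamAccountName, Enabled
$members | Format-Table -AutoSize

# Disabled accounts are still listed as members but will fail AD authentication.
$disabled = $members | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning "Disabled accounts in the group (will not be able to log in): $($disabled.SamAccountName -join ', ')"
}

# 3. Confirm the Domain Controller is reachable on the LDAP ports. Run this from a host on the
#    same network segment as the ESM if the appliance itself cannot run PowerShell.
foreach ($port in 389, 636) {
    $ok = (Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    Write-Host ("Port {0} on {1}: {2}" -f $port, $DomainController, $(if ($ok) { 'reachable' } else { 'NOT reachable' }))
}
```

Run it once before step 4 and again after step 5 if a user is unexpectedly denied: a name mismatch, a missing or disabled member, or a blocked LDAP port accounts for most failed first logins, and each shows up in the output above.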
IMPORTANT NOTE: Once AD authentication is enabled, you will not be able to log in to ESM with local user accounts. The only local user account that will remain accessible will be NGCP.