How to Configure IGEL UMS As Identity Broker
You can use the IGEL Universal Management Suite (UMS) as an identity broker for IGEL OS 12 devices. With this configuration, users of IGEL OS 12 devices can log in to the company Active Directory (AD) through the UMS even if they are outside the company network. To use the UMS as an identity broker, connect the AD to the UMS and configure the devices as described below.
Prerequisites
To use the UMS as an identity broker for OS 12 devices, you need the following:
An IGEL OS Edition that includes the license. For details, see https://kb.igel.com/en/igel-subscription-and-more/current/igel-os-editions.
IGEL OS version 12.6.1 or higher
IGEL UMS version 12.07.100 or higher
Overview
When the UMS is configured as an identity broker, users are authenticated with their AD credentials through the UMS:
The user of the IGEL OS 12 device enters the AD credentials on the login screen.
The credentials are forwarded to the IGEL UMS.
The UMS executes a login in AD.
If the login is successful, the user gets access to the device.
The authentication also works if IGEL OS 12 devices are connected to the UMS through the IGEL Cloud Gateway (ICG).
Connect Active Directory to the UMS
To connect an AD to the UMS, proceed as follows:
Go to UMS Administration > Active Directory/LDAP in the UMS Console.
Configure the Active Directory connection. For details, see Configuring an AD Connection.
Your Active Directory is now connected to your IGEL UMS and is listed under Active Directory domains.
Other LDAP servers (Novell eDirectory, OpenLDAP, etc.) cannot be used for user authentication purposes.
Configure the IGEL Device

You can configure the settings from the IGEL Universal Management Suite (UMS) via a profile or directly in device settings.
For details on how to create a profile, see How to Create and Assign Profiles in the IGEL UMS Web App.
In the profile/device configuration, go to Security > Logon > UMS as Identity Broker.
Enable the Login with UMS as Identity Broker option.
Configure other options according to your needs. For more information, see UMS as Identity Broker with IGEL OS 12.
Assign the profile to the devices. For details, see How to Create and Assign Profiles in the IGEL UMS Web App.
Once the profile is assigned to the IGEL OS device, the user has to enter the AD credentials in the login screen and lock screen after a reboot.