Jump to content


Photo

Authentication Options

authentication google directory MDM LDAP agent file

  • Please log in to reply
4 replies to this topic

#1 Rob Christensen

Rob Christensen
  • Members
  • 2 posts

Posted 20 July 2016 - 09:38 AM

Note:  I submitted this to support, but they would not help as we are "not a current customer" but in the testing phase for potential purchase.  So I am turning here for community help.  Any answers would be appreciated.  Thank you

 

 

We are in the midst of testing Barracuda MDM as our solution here at the Iowa Economic Development Authority (IEDA). We have run into an issue that the security office at the State of Iowa will not allow any internal connections to LDAP for authentication, so we are looking for other ways to accomplish this. So we have several questions:
 

  1. Is there an agent available to accomplish this that we can put on a server internally like we do for other cloud products that require authentication against our AD infrastructure?
  2. There is the possibility we could authenticate against a Google Directory as the state is migrating to Google for e-mail. We see it is an option, but there is very little documentation from Barracuda regarding this. Can you provide more documentation or direction? i.e. what rights does the Google user account need when setting up Google Directory in Barracuda MDM, etc.
  3. Last option would be importing a file of users. Obviously I believe this is the least desirable. But again there is little documentation. Can you please explain a bit more how these accounts authenticate (how passwords are handled, etc.)?
  4. Is there any possibility of creating usable accounts provisioned through service such as Okta (cloud based identity management) ?

Thank you!



#2 Joseph Totaro

Joseph Totaro
  • Moderators
  • 24 posts

Posted 20 July 2016 - 01:46 PM

Hi Rob,

If you'd like some general information about Authentication options in MDM please see here: 

https://campus.barra.../MDM/LDAPSetup/

 

Concerning your questions:

 

1) Currently there is not an AD agent available.

 

2) MDM can import users from Google Directory.  When linking Google Directory the linking user must have appropriate permissions to grant access to the directory(read only) and MDM functions.  Barracuda MDM asks for the following permissions:

Admin User Schema Management API (read only)
Admin Group Management API (read only)

Admin Group Members Management API (read only)
Admin Organization Unit Management API (read only)

Admin User Management API (read only)
Admin User Alias Management API (read only)
Admin ChromeOs Device Management API (read only)
Admin Mobile Device Management API

 

3) File import is available via ldif and csv.  See above link for expected csv format.  MDM does not store passwords.  This means that the user will not be able to authenticate during enrollment and the admin will need to manage the user-device associations. 

 

4) Okta is not supported.



#3 Rob Christensen

Rob Christensen
  • Members
  • 2 posts

Posted 20 July 2016 - 02:20 PM

Joseph,

 

Thank you for your reply.  

 

Unfortunately I we won't be able to use Google Directory at this point either as we do not have ability to access the state's Google deployment with those credentials.  And a file import with no passwords would not measure up to the management requirements we need in an MDM.

 

Too bad as I was hoping to go with Barracuda's MDM as it meets all our other requirements and does so in an easy to use interface.  Unfortunately without an AD agent or other authentication method, it will not work for an organization in our position.  

 

Thank you!

 

-Rob



#4 Joseph Totaro

Joseph Totaro
  • Moderators
  • 24 posts

Posted 20 July 2016 - 02:44 PM

Rob,

 

I'm sorry to hear the current options do not meet your requirements.  We will definitely keep this in mind and reply back if anything changes.

 

Joe



#5 Karl Moore

Karl Moore
  • Barracuda Team Members
  • 33 posts
  • LocationNottingham, UK

Posted 29 July 2016 - 08:20 AM

Rob we've raised a task for basic password import as part of CSV/LDIF import.  This should be available in the next release.  There is no release date on this yet.