Of the many authentication types that Management and Security Server supports, in this evaluation you will use Windows Active Directory for authentication (to the Administrative Server) and LDAP for authorization.
By using Single Sign-On and your existing identity management system, the user experience will not be disrupted because the user is already familiar with their Windows domain logon.
When users authenticate to the MSS Administrative Server with their Windows domain logon, they have access to the sessions that the administrator makes available to them.
As the administrator:
In the Administrative Console, open Configure Settings - Authentication & Authorization.
Select Single sign-on through Windows authentication.
NOTE:If you do not have access to Active Directory or LDAP, you can leave Authentication set to None; however the business objective for this evaluation will not be met.
On the same page, select the Authorization method: Use LDAP to restrict access to sessions.
Click +ADD to add a server.
Enter your LDAP Server information, with Windows Active Directory as the Server type.
Enter the Single Sign-on through Windows Authentication Configuration (NTLM v2).
Click TEST CONNECTION, and then click OK.