A new Flexera Community experience is coming on November 25th. Click here for more information.
How does FNMS Authenticate user from active directory?
Since the passwords are not part of the objects that are brought in via the adldap, how does FNMS verify that the details the user is logging in with are correct?
We have had instances where access is granted to accounts brought in via a beacon (AD) but they still could not log in to the FNMS portal.
Mar 04, 2022 07:31 AM
Hi @sibusison7 ,
I assume you are using FNMS OnPremise. After AD connection on the beacon brings in the users, you need to create the account for users that should be accessing FNMS. Here is the documentation link for it: https://docs.flexera.com/FlexNetManagerSuite2021R1/EN/WebHelp/index.html#tasks/Accounts-Create_Acc_onPrem.html
You will see the following in the documentation link, which will answer your question about how does FNMS authenticate users:
Operators throughout your enterprise may log in to interactive accounts using Windows authentication (using the accounts saved in Active Directory); or, if your enterprise has implemented single sign-on with a SAML 2.0-compliant tool, authentication may use your chosen identity provider, such as Okta. The two modes cannot be mixed.
I hope this helps.
Thanks!
Mar 06, 2022 07:29 AM
Hi,
Thank you for this, and the documentation does help. However we have the accounts created in FNMS and given the standard "Operator" role. in additional to that the windows authentication ports have also been opened, that is 636, 389.
Are there perhaps any additional port that need to be opened?
Mar 12, 2022 02:09 AM
@sibusison7 - What error are your users seeing in their browser when they attempt to access the FNMS web site? What specific browser are they using?
Mar 14, 2022 09:19 AM
That seems to be an invalid URL. The URL that should be used to log into FlexNet Manager will be something like:
https://servername/suite
Mar 14, 2022 09:31 AM
We have tested several links to the application server with the same results.
https://servername/Suite
https://servername/Suite/Management/Dashboard
The 1st link redirects to the dashboard.
Mar 14, 2022 09:40 AM
The first URL is correct. Putting in a URL of https://dcpflexapp01/suite
and then putting in your AD Credentials should launch the Management Dashboard. That is the only entry point into the FNMS Web UI.
Mar 14, 2022 09:51 AM
That is correct. However the Management Dashboard does not launch, instead the login window prompts again.
It there a way that we can perhaps audit the login attempt? we're not seeing anything in the WebUI log either?
Also is there documentation that details how the authentication happens when logging in to FNMS?
Mar 14, 2022 09:59 AM
If you are getting a 401/Unauthorized error, tt likely means may also mean that this specific AD Account has not been properly set up an an operator within FNMS. If you log into FNMS as an Administrator and go to the Account page and search for that AD Account, do you see it listed as an Account within FNMS and has it been assigned to an FNMS Security Role?
If the logon prompt in the browser is popping up again, that normally means that the Logon/Password credentials being entered into the browser are not being accepted by Active Directory.
Mar 14, 2022 10:04 AM
@sibusison7 I also faced this issue, I enabled Anonymous authentication on iis later didn't get to see this again.
Aug 23, 2022 08:10 AM
@kclausen I'm having a similar issue, and the account has administrator privileges also. The user is unable to login via chrome (it prompts for login and doesn't accept the credentials) however, can login using Edge but everytime the page refreshes, it asks for the login (and closing the login screen works but annoys the user). Kindly advise.
I understand that with the Windows authentication enabled and the account with the appropriate role if login using any browser, the windows authentication takes the default local credentials and automatically log the user without prompting for the credentials.
Aug 23, 2022 06:08 AM