Posts

Showing posts from July, 2015

Delegating Administration of NetScaler InSight Center to Active Directory group

On my previous article on Delegating NetScaler Administration to Active Directory Group, I described how you could allow members of Active Directory groups to login on NetScalers with their AD credentials.

Now we are going to do the same thing with NetScaler InSight Center.

First of all, we have to setup the external authentication. Login on the InSight Center and navigate to System - Authentication - LDAP and click "Add". Fill in the details of the server like the IP and port and the detailes of the domain.

Now that we have configured the authentication, we have to create the groups on the InSight Center. Go to System - User Administration - Groups and add a group with the same name as the group configured on Active Directory. Assign the permissions you want and hit "Create".

The only thing left is to enable the authentication. Navigate to System - Authentication and click on "Authentication Configuration". Select "LDAP" as the type and then t…

Delegating NetScaler Administration to Active Directory Group

I often get the request to delegate the administration of NetScalers to an active directory group, particularly in very large organizations.

This is very simple procedure but you should be very careful when giving permissions on such devices since a small mistake may lead to serious problems.

Let's get started then...

The first thing you have to do is create an LDAP server. This is the server that the authentication requests are going to be directed to. You should add more than one servers as a best practice. I always create an LDAP (and sometimes an LDAPS) vServer with all the AD Domain Controllers and use that one.

So, to create the LDAP server, navigate to System - Authentication - LDAP, click "Servers" and then "Add". Fill the friendly name, IP address and port of the server (AD server of LDAP vServer) and the details about the domain and then create the server.

Next, you have to create the Authentication policy, click on the "Policy" tab and the…