RapidIdentity Product Guide

Appliance Configuration

  1. The RapidIdentity Appliance must be able to resolve your domain through DNS. Ideally, your appliance will be configured to use your domain controllers for DNS. Alternatively, you can configure your hosts file to point to your domain; however, your appliance will then be limited to using only one domain controller for Kerberos Authentication.

  2. In RapidIdentity Appliance Configuration (idauto-apps), navigate to Core Configuration > Authentication > Kerberos Configuration and configure the following parameters with your values.

    1. Domain: test.local

    2. KDC Address: test.local

    3. Service Principal: HTTP/my.example.com@test.local

    4. Service Principal Password: Configured earlier in step 1 of Active Directory Configuration

  3. In RapidIdentity Appliance Configuration (idauto-apps), navigate to Core Configuration > Authentication and create an authentication policy for Kerberos Authentication.

    1. Criteria > Kerberos > Enabled: Checked

    2. Authentication Methods > Kerberos > Required: Checked

      Note

      Other authentication methods (such as TOTP) can also be enabled to provide additional authentication.
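The following pre-flight check is an added example, not part of the RapidIdentity product or this guide. It validates the Kerberos Configuration values from step 2 and flags the single-domain-controller hosts file fallback from step 1. The function names, the sample hosts file and its address are constructed, and the checks assume the service class should be HTTP and the principal's realm should match the Domain field, as in the sample values above.

```python
import re

# Sample values copied from the placeholders in step 2 (assumed, replace with your own).
KERBEROS_CONFIG = {
    "domain": "test.local",
    "kdc_address": "test.local",
    "service_principal": "HTTP/my.example.com@test.local",
}

# Constructed hosts file showing the step 1 fallback (192.0.2.10 is a placeholder address).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  test.local   # pinned domain controller
"""

SPN_RE = re.compile(r"^(?P<service>[^/@\s]+)/(?P<host>[^/@\s]+)@(?P<realm>[^/@\s]+)$")

def hosts_entries(hosts_text):
    """Map each hostname in hosts-file text to the list of addresses given for it."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table

def preflight(config, hosts_text=""):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    match = SPN_RE.match(config["service_principal"])
    if not match:
        return ["service principal is not in service/host@realm form"]
    if match["service"] != "HTTP":
        findings.append("service class is not HTTP")
    if "." not in match["host"]:
        findings.append("principal host is not a fully qualified name")
    if match["realm"].lower() != config["domain"].lower():
        findings.append("principal realm does not match Domain")
    pinned = hosts_entries(hosts_text)
    for key in ("domain", "kdc_address"):
        if config[key].lower() in pinned:  # name is answered by the hosts file, not DNS
            findings.append(f"{key} resolves from the hosts file: single domain controller")
    return findings

if __name__ == "__main__":
    print(preflight(KERBEROS_CONFIG, SAMPLE_HOSTS))
```

Pass the contents of the appliance's hosts file as `hosts_text`; an empty result means none of these checks fired, not that Kerberos authentication is working.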