Configure the Kerberos Security Provider Settings

Configure the Kerberos Server Settings

Name

This field displays the name you assigned to this configuration.

Service Type

This field displays the service type you selected on the previous page.

Server Type

This field displays the type of server for which you are configuring this connection.

Keep Display Name Synchronized with Remote System

If this option is selected, the display names of users authenticating against this security provider will always match the display names pulled from the directory store. If this option is deselected, display names can be edited locally on the Bomgar Appliance.

User Handling Mode

Allow all users – Allows anyone who currently authenticates via your KDC to authenticate to your Bomgar Appliance.

Allow Only User Principals Specified in the List

Allow only user principals specified in the list – Allows only specified user principals to authenticate to your Bomgar Appliance.

 

Allow Only User Principals That Match the Regex

Allow only user principals that match the regex – Allows only user principals who match a Perl-compatible regular expression (PCRE) to authenticate to your Bomgar Appliance.

SPN Handling Mode

Allow Only SPNs Specified in the List

Allow all configured Service Principal Names (SPNs) for this security provider or select specific SPNs from a list of currently configured SPNs.

Strip the Realm from Principal Names?

Select this option to remove the REALM portion from the User Principal Name when constructing the Bomgar username.

Default Policy

Each user who authenticates against an external server must be a member of at least one group policy in order to authenticate to your Bomgar Appliance, logging into either the /login interface or the representative console. You can select a default group policy to apply to all users allowed to authenticate against the configured server.

Note that if a default policy is defined, then any allowed user who authenticates against this server will potentially have access at the level of this default policy. Therefore, it is recommended that you set the default to a policy with minimum privileges to prevent users from gaining permissions that you do not wish them to have.

Note: If a user is in a default group policy and is then specifically added to another group policy, the settings for the specific policy will always take precedence over the settings for the default, even if the specific policy is a lower priority than the default, and even if the default policy's settings are set to disallow override.

Click Add Server to save this security provider configuration.