Kerberos Keytab: Manage the Kerberos Keytab
Kerberos Keytab Management
Bomgar supports single sign-on functionality using the Kerberos authentication protocol. This enables users to authenticate to the Bomgar Appliance without having to enter their credentials. Kerberos authentication applies both to the /login web interface and to the access console.
To integrate Kerberos with your Bomgar Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows:
- You must have a working Key Distribution Center (KDC) in place.
- Clocks must be synchronized across all clients, the KDC, and the Bomgar Appliance. Using a Network Time Protocol server (NTP) is an easy way to ensure this.
- You must have a Service Principal Name (SPN) created on the KDC for your Bomgar Appliance.
The Configured Principals section lists all of the available SPNs for each uploaded keytab.
Once you have available SPNs, you can configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the Bomgar Appliance via Kerberos.
Export the keytab for the SPN from your KDC and upload it to the Bomgar Appliance via the Import Keytab section of this page.
For more information, please see Two-Factor Authentication Setup Using a Time-Based, One-Time Password (TOTP).