After you add an administrator account, the user name and password are stored in the Symantec Endpoint Protection Manager database. When the administrator logs on to the management server, the management server verifies with the database that the user name and password are correct. However, if your company uses a third-party server to authenticate existing user names and passwords, you can configure Symantec Endpoint Protection Manager to authenticate with the server.
Table: Authentication methods displays the authentication methods the management server can use to authenticate administrator accounts.
Table: Authentication methods
For the third-party authentication methods, Symantec Endpoint Protection Manager has an entry in the database for the administrator account, but the third-party server validates the user name and password.
To change the authentication method for administrator accounts
Add an administrator account.
On the Authentication tab, select the authentication method.
To authenticate administrators who use an RSA SecurID mechanism, first install the RSA ACE server and enable encrypted authentication for RSA SecurID.
To authenticate administrators using an Active Directory or LDAP directory server, you need to set up an account on the directory server. You must also establish a connection between the directory server and Symantec Endpoint Protection Manager. If you do not establish a connection, you cannot import users from an Active Directory server or synchronize with it.
Synchronization is only possible for Active Directory Servers. Synchronization with LDAP servers is not supported.
You can check whether the directory server authenticates the account name by clicking Test Account.
In the Confirm Change dialog box, type the password that you use to log on to Symantec Endpoint Protection Manager, and then click OK.
When you switch between authentication methods, you must type the administrator account's password.