Secure Global Desktop Administration Guide > Users and authentication > The ENS login authority

The ENS login authority

Overview

The ENS login authority allows users to log in to Secure Global Desktop if they have person objects in ENS and UNIX/Linux accounts on the Secure Global Desktop host.

This login authority is enabled by default.

Logging in

The user types either a common name (for example "Indigo Jones"), a username (for example "indigo") or an email address (for example "indigo@indigo-insurance.com").

Authentication

  1. This login authority searches ENS for a person object with a Name attribute that matches what the user typed. If there's no match, the search is repeated on the Username attribute, and finally on the Email Address attribute.
  2. If no person object is found, the next login authority is tried.
  3. If a person object is found, the Username attribute of that object is treated as a UNIX/Linux username. This username, and the password typed by the user, are checked against the UNIX/Linux user database.
  4. If the authentication fails, the next login authority is tried.
  5. If the authentication succeeds, then the user may log in if the May Log In To Secure Global Desktop attribute for their person object is checked. If this attribute is cleared, the user may not log in and no further login authorities are tried.

User identity

The matching person object in ENS is used for the user identity.

Login profile

The matching person object in ENS is used for the user identity.

Emulator sessions and password cache entries

Emulator sessions and password cache entries belong to the person object.

Related topics