Connecting to Linux Servers

EmpowerID Linux connector allows organizations to bring the user and group data in their Linux systems to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Create new users

  • Edit user attributes

  • Delete users

  • Create new groups

  • Manage group membership

  • Delete groups

Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Linux accounts for any person within your organization based on your policy requirements. For more information on Resource Entitlements, see Configuring Provisioning Policies.

This topic demonstrates how to connect EmpowerID to Linux and is divided into the following activities:

  • Connecting EmpowerID to your Linux Server

  • Configuring attribute flow rules

  • Configuring the Linux Account Store

  • Monitoring Inventory

To connect EmpowerID to your Linux Server

  1. On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.

     

  3. Under System Types, search for Linux and then click Linux to select the system type .

  4. Click Submit.

    This opens the Linux form, which is where you enter the information needed to connect EmpowerID to the system.

     

  5. Enter the following information in the Linux form:

    • Server — Enter the IP address or the FQDN for the server

    • Name — Enter a name for the account store

    • User Name — Enter the user name for the account EmpowerID should use to connect to the Linux server. This account should be a super user.

    • Password — If you want to use password authentication, enter the password for the above user account.

    • Use Certificate — If you want to use certificate authentication, select this option (check it). Doing so hides the Password field and displays the Certificate and Certificate Password fields.

      • Certificate — Click Choose File and then browse to and select the appropriate certificate.

      • Certificate Password — Enter the certificate password.

         

    • Is Remote (Requires Cloud Gateway) — This setting appears for account stores with local directories, such as Active Directory, LDAP, SAP, etc. When enabled, this tells EmpowerID to use the Cloud Gateway Connection for that account store. The Cloud Gateway Connection must be installed on an on-premise machine. For installation information, please see Installing the EmpowerID Cloud Gateway Client.

  6. Click Submit to create the account store.

  7. EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

To configure account store settings

  1. On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.


    This opens the edit page for the Linux account store. This page allows you to specify the account proxy used to connect EmpowerID to your Linux system as well as how you want EmpowerID to handle the user information it discovers in the Linux system during inventory. Settings that can be edited are described in the table below the image.


  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Domino to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.