Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Configuration Guide


2.7.1 Building a configuration system that uses JP1 authentication

To build a configuration system that uses JP1 authentication, register JP1 users on the JP1/Base authentication server, and then set a JP1 resource group and JP1 permission level for each JP1 user. Next, install JP1/IT Desktop Management 2, and then set up JP1/Base user management in the User Management Settings view.

The procedure for configuring the system is described below. For details about the setup procedures to be performed on the authentication server, see the JP1/Base User's Guide.

  1. In an environment where Windows Firewall is enabled, specify the firewall settings so that the JP1/Base authentication server can connect to the management server.

    Specify the settings on the authentication server so that port 20240 is used.

  2. If the version of JP1/Base is 11-10, update the access permission level file of JP1/Base.

    Copy the file from the installation folder of JP1/IT Desktop Management 2, and then overwrite the access permission level file of JP1/Base with the copied file. After that, execute the jbsaclreload command on the JP1/Base authentication server to apply the update.

    Source of the file to be copied

    When the authentication server uses Windows:

    installation-folder-of-JP1/IT Desktop Management 2 - Manager\mgr\conf\JP1_AccessLevel.1110Windows

    When the authentication server uses UNIX:

    installation-folder-of-JP1/IT Desktop Management 2 - Manager\mgr\conf\JP1_AccessLevel.1110UNIX

    Destination of the file to be copied

    When the authentication server uses Windows:

    installation-folder-of-JP1/Base\conf\user_acl\JP1_AccessLevel

    When the authentication server uses UNIX:

    shared-folder\jp1base\conf\user_acl\JP1_AccessLevel

  3. Check the user accounts to be used in JP1/IT Desktop Management 2, as well as the user ID, password, permissions, and task allocations of each user account.

    Important

    If you use JP1 authentication, you cannot set an administration scope.

    For details about the characters that can be used for user IDs and passwords, see the JP1/Base User's Guide.

    The following is an example of the check results:

    | Role | User ID | Password | Permissions | Task allocation |
    |------|---------|----------|-------------|-----------------|
    | General system administrator | Account01 | ******** | system management authority, user account management authority | Entire system |
    | System administrator A in the development department | Account02 | ******** | system management authority | Security management, Asset management, Device management |
    | System administrator B in the development department | Account03 | ******** | system management authority | Device management |

  4. Determine the name of the JP1 resource group to be configured for the JP1 user account to be used in JP1/IT Desktop Management 2.

    Specify the JP1 resource group name in 1 to 64 bytes. You can use single-byte alphanumeric characters and the following symbols:

    exclamation mark (!), hash mark (#), dollar sign ($), percent sign (%), ampersand (&), single quotation mark ('), left parenthesis ((), right parenthesis ()), asterisk (*), hyphen (-), period (.), at mark (@), backslash (\), caret (^), underscore (_), grave accent mark (`), left curly bracket ({), right curly bracket (}), and swung dash (~)

    Tip

    You can configure one resource group for each management server. In a multi-server configuration, you can specify different JP1 permission levels by setting different JP1 resource groups for individual management servers.

  5. Register JP1 users on the authentication server, and then specify user IDs and passwords.

  6. On the authentication server, set a JP1 resource group and JP1 permission level for each JP1 user.

    For the JP1 permission level, assign permissions and task allocations according to the check results. For details about the correspondence between JP1 permission levels, and the permissions and task allocations in JP1/IT Desktop Management 2, see 2.7.4 Correspondence between JP1 permission levels, and the permissions and division of work responsibilities in JP1/IT Desktop Management 2.

  7. Install JP1/IT Desktop Management 2 - Manager.

  8. Set up JP1/IT Desktop Management 2 - Manager. In the User Management Settings window, select Manage users by using JP1/Base, and then specify a JP1 resource group.

    Important

    To run JP1/IT Desktop Management 2 in a cluster system, you must specify the same logical host name when configuring the JP1/Base cluster environment and when configuring JP1/IT Desktop Management 2 - Manager.
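
The naming rule in step 4 can be checked before any JP1 resource group is registered on the authentication server. The following is an added example, not part of the Hitachi guide: the function names, server names and group names are hypothetical, and UTF-8 is assumed when counting the bytes of a name that contains multi-byte characters.

```python
import string

# Symbols permitted by step 4, in addition to single-byte alphanumerics.
ALLOWED_SYMBOLS = "!#$%&'()*-.@\\^_`{}~"
ALLOWED = set(string.ascii_letters + string.digits + ALLOWED_SYMBOLS)
MIN_BYTES, MAX_BYTES = 1, 64


def check_resource_group(name):
    """Return a list of problems with a JP1 resource group name (empty = valid)."""
    problems = []
    # Assumption: UTF-8 is used to measure names that are not single-byte.
    size = len(name.encode("utf-8"))
    if not MIN_BYTES <= size <= MAX_BYTES:
        problems.append(f"length is {size} bytes; must be {MIN_BYTES} to {MAX_BYTES}")
    bad = sorted({ch for ch in name if ch not in ALLOWED})
    if bad:
        problems.append("characters not allowed: " + " ".join(repr(ch) for ch in bad))
    return problems


def check_plan(plan):
    """Validate a {management server: resource group} plan, one group per server.

    Returns only the servers whose planned group name breaks the rule.
    """
    return {server: probs for server, group in plan.items()
            if (probs := check_resource_group(group))}


# Constructed sample plan for a multi-server configuration (hypothetical names).
SAMPLE_PLAN = {
    "mgr-tokyo": "ITDM2_Tokyo",   # valid
    "mgr-osaka": "ITDM2 Osaka",   # space is not in the permitted set
    "mgr-dev": "itdm2/dev",       # slash is not in the permitted set
    "mgr-lab": "G" * 65,          # one byte over the limit
    "mgr-hq": "資産管理",          # multi-byte characters are not permitted
}

if __name__ == "__main__":
    for server, probs in check_plan(SAMPLE_PLAN).items():
        print(f"{server}: " + "; ".join(probs))
```

Space, slash, comma, plus and equals signs are common in group naming schemes but are outside the permitted set, so the check reports them instead of leaving the error to surface during setup.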