Configuring Authentication Settings

Configure Password or Kerberos authentication, and enable secure (https) connection through the Vocera Platform Web Console.

  1. Navigate to Authentication in the Security section of the Vocera Platform Web Console.
    The Authentication Settings page appears.
  2. Select Edit in the Authentication Settings page.
    The configuration fields for Authentication Settings display.
  3. Complete the Authentication Settings configuration fields using the information described in the following table.

    Configuration Description
    Use Password

    Select the Use Password checkbox to allow an account password to be used as the authentication method for user access to the Vocera system. This option can be enabled or disabled.

    Before disabling this option, ensure that at least one role has the Advanced Support policy, or an LDAP user is assigned a role with the Advanced Support policy. When no authentication method is selected, the following warning displays:
    Warning: There are no LDAP users with administrative privileges. Disabling password authentication may prevent administration from accessing the Vocera Platform Web Console.
    Use Kerberos

    Select the Use Kerberos checkbox to use this protocol to authenticate user's access to the Vocera system.

    Select Use Kerberos to display the Keys configuration field.

    A message displays to remind you to upload a keytab file.

    Keys

    Select Browse and locate the Kerberos keytab file to apply, then select Upload.

    Review the uploaded keytab entries displayed in the Keys list.

    Trusted Proxy

    Enter the IP address for a Trusted Proxy.

    In a clustered environment when the trusted proxy utilizes an application delivery controller (ADC), such as F5 BIG-IP or Citrix Netscaler, the system must be configured to handle proxied requests made by a trusted proxy.

    By default, incoming requests with the proxy's source IP are rejected. Enter the trusted proxy information in the Authentication Settings to allow the proxy IP to be replaced with the remote client IP of a HTTP workflow device, such as CUCM.

  4. (Optional) Select Use Kerberos authentication. Browse to a stored keytab file and click Upload. See Using a Keytab File for Kerberos Authentication for details on generating a keytab file.

    The Keys section displays the uploaded keytab details.
  5. Select one of the following to exit the Authentication Settings configuration:
    • Select Submit to save your changes to Authentication Settings.
    • Select Cancel to exit without making changes to the authentication configuration.
    A message indicates the configuration success or failure.