8-9
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Concepts
Understand the Requirement to Authenticate Users
Although Cisco DMS always authenticates users, we support three authentication methods.
Embedded authentication is completely native to Cisco DMS. It does not depend on any
external servers.
LDAP authentication causes Cisco DMS products to rely on one—and only one—Microsoft
Active Directory server and a Microsoft Internet Information Server (IIS). Thus, setup and
operation with this method are more complex than with embedded authentication.
Federation mode, also known as single sign-on (SSO), causes Cisco DMS products to rely on a
SAML 2.0-compliant IdP in combination with a Microsoft Active Directory server and IIS. Thus,
setup and operation with this method are more complex than with LDAP authentication.
Note: You must choose one of these methods. The method that you use determines which login screen your users will see.
Tip: After a user session times out, we prompt the affected user to log in twice.
Migration from one mode to another takes as long as 1 minute to finish (CSCtn22370).
An unresponsive Active Directory server can hang a login prompt for 20 minutes without any error message.
Related Topics
LDAP and Active Directory Concepts, page 8-10
Federated Identity and Single Sign-on (SSO) Concepts, page 8-17



Login screen shown in each mode (screen images not preserved):
EMBEDDED MODE
LDAP MODE
FEDERATION (SSO) MODE (see footnote 1): IdP-specific login screen

1. When any of your federation servers uses a self-signed certificate, we show your users two SSL warnings during login.