Versions Compared

Old Version 7

changes.mady.by.user Chris Smith

Saved on

compared with

New Version 8

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Page title was updated because corresponding version was renamed.

...

To access it, click the gear icon at the top right section of the header. From there, select "Admin". You will then have access the Admin section tabs of ProVision, and will see the Admin Preferences page. Each module area can be accessed by its own sub-tab button, available at the top of the page.

Table of Contents

Video Walkthrough

Widget Connector
width640
urlhttp://youtube.com/watch?v=L4WzGmldEbw
height360

Note: Video at  applies to versions 6.0.0 to 7.0.0. For earlier versions, see Admin Preferences Page Overview (v5.1.0+) .  


Application Settings

License Info

The License page displays current product license details such as Product, Type, Versions, Expiration, Email, and the option to add/update the 6connect License Key(s).

...

To add/update a License Key, paste the key provided into the "Update License Key" box, and click "Update License".

Application Settings

Application Settings is where you provide company specific info that appears in the header and Dashboard.

...

Delete Logs after: The number of days to retain logs.

Backup Settings

For cloud users, regular backups can be set up through the Scheduler. However, prior to imports or other large changes, you may wish to manually perform a backup. 

Backup Location: The backups may be sent to the 6connect cloud, or to a specific server in the Resource system. Select the radio button for the desired location.

Manual Backup - 6connect Cloud:

Select "6connect Cloud" as your backup location, then click on the "Backup Now" button. You will see a success message below the button if successful.

Manual Backup - Alternate Server:

Manual Backup: Alternate Server saves a backup msql dump to a Server Resource already set up in ProVision.

...

Once the connection is confirmed successful, Backups to alternate servers may be scheduled on a recurring basis through the Scheduler, or continued to be performed manually under Backup Settings. 

Backup Settings - Local Installation

Additional settings are available for local installations: 

Expand
titleLocal installations: Click here for additional settings...


Location of mysqldump (Local Installation): This is the location of the mysqldump directory. 

ACP Settings

The ACP Settings area links an ACP instance and login credentials to the ProVision instance, and allows the ACP Workflow Gadget to execute Workflows as the provided user.

...

When done, click "Test configuration" to verify the connection and then "Save Changes". Afterwards, you may proceed to configure the ACP Workflows Gadget to specify Workflows to execute in ProVision.

Logging Options

Remote Log IP: Target IP address that we will send log information to

...

If desired, you may select "Test Connection" to verify the connection before clicking "Save Changes".

Authentication Settings

Authentication options are accessed by clicking the "Authentication" sub-tab at the top of the Admin Preferences page.

...

Four authentication types are available for ProVision: Radius, LDAP, SAML, and DUO Mobile. 

General Settings

Maximum Session Idle: This setting (minutes) controls how long a session can stay idle before being forced to log in again.


Remote Authentication Tester

The Remote Authentication Tester checks Radius / LDAP settings for a user.

...

Password: Password for the user you are testing. 



Authentication Options

Four authentication types are available for ProVision: Radius, LDAP, SAML, and DUO Mobile. To view settings for each, select the authentication type from the list at the left of the module.

RADIUS authentication options (local install only)

Note: For implementation details, go here.

...

To verify the settings connect, click "Test Radius Configuration". When done, click "Save Changes".

LDAP authentication


Note: For implementation details, go here.

...

Mapping Permissions to 6connect schema: To integrate 6connect permissions with your existing directory structure then you will need the 6connect schema. It should snap in with any existing LDAP structure and allow you to assign 6connect permissions to your existing users. You can download a copy of the schema from this section.

SAML authentication

SAML is a Single Sign On (SSO) authentication method that uses an external identity provider to authenticate a user at their first login, saving a token to the user's browser that is then used for subsequent logins, so that the user does not need to re-submit credentials. 

SAML Setup

Before configuring SAML in ProVision, you must have an account set up with an Identity Provider (IdP) and ProVision users / groups set up in the IdP.

Expand
titleSetting up SAML Authentication

Set up the IdP

To use SAML authentication, you will need SAML set up for your instance with an Identity Provider (IdP), such as Microsoft ADFS, OneLogin, Elastic SSO, or others. You can view a list of available SAML IdPs at Wikipedia's SAML based products page.

Users and Permissions:

User credentials will need to be created and associated with ProVision permission group names via the IdP. All user creation, management and permissions handling occurs via the IdP, externally from ProVision.

Configure SAML in ProVision

ProVision setup for SAML is located in AdminAdmin Settings → Authentication Options.

Under SAML Configuration:

Enable SAML authentication by clicking the checkbox next to "Enable".

The following fields are required and will need to be obtained from the IdP:

  • User Attribute(Required):
  • Group Attribute(Required):
  • IdP Metadata(Required):

Under SAML Service Provider Configuration:

  • Sign logout request:
  • Sign redirect request:
  • Unencrypted Assertions from IdP Will be rejected:
  • Private Key:
  • Certificate (Required):

Links are provided below the configuration settings for the ProVision SP Metadata file in php and xml format, which will be needed to provide to the IdP.

You can test the configuration by clicking the "Test SAML Configuration" button, a new page will open giving health check information for your provided attributes.

SAML Login

Once the correct configuration has been established and users set up for SAML in the IdP, users will be able to use SAML logins.

Expand
titleLogging in with SAML


Info

Documentation Note: Depending on the IdP used, some screens may appear different from what is shown here.

Initial Login:

The initial login process occurs for the first time a user logs in, and anytime afterwards if the browser token is not present (e.g., cookies are cleared from the browser, the browser closed, or a new browser is used).

From the ProVision login page, select SAML from the authentication options dropdown - you do not need to enter Username or Password.

You will be redirected to the IdP site as set up in the Admin Configuration - here, we are using Microsoft ADFS (Active Directory Federation Services).

Log into the IdP site using your SAML credentials, and click "Sign In".

If the sign in is successful, you will be logged into the ProVision home page.

Subsequent Logins:

After the initial login via the IdP (as long as the auth token is present) users will be able to login to ProVision simply by selecting the "SAML" options from the ProVision login page without entering credentials.

The auth token may be destroyed or not available if browser cookies have been cleared, a different browser used, or the browser fully closed, depending on security settings. In these cases, the user will need to sign in again via the IdP.


DUO Mobile


To use DUO Authentication, an account must first be set up with DUO.

...

Info

If you need to disable DUO Mobile authentication from ProVision from outside of the GUI, a command-line disable tool is available. Run:

Code Block
php tools/disable_duo.php 



DNS Settings

DNS Settings are accessed by clicking the "DNS" sub-tab at the top of the Admin Preferences page.

DNSSEC Settings

If using DNSSEC, select whether to enabled DNSSEC local signing, or sign zones by dnssec-tools, then enter the following information:

...

Info
titleAdditional Entropy

If delays occur due to lack of available entropy on servers, see the following article on how to set up additional entropy using haveged here:

 https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged 

DNS Dynamic Update Settings

Dynamic Update via nsupdate: Toggle to "On" if you wish to use Dynamic Updates via nsupdate, instead of ProVision's internal implementation.

...

Records Limit : The limit for the number of records a zone may have for a zone to process a backup. If the records count exceed this number, zone backups will be omitted at zone push.

DNS Import Settings

Keep Import File: Toggle to "on" if you wish to retain the zone import file inside the zone.

DNS Push Settings

Enable DNS Push Lock: If enabled on push, ProVision will check if there is ongoing push and throw an error.

...

Clear Push Queue: Clears the current push queue.

DNS Cache Settings

Enable DNS Cache for Modules and Group: Toggle to "on" prior to push if you wish to cache the servers and views in advance.

Enable DNS Cache for Zones per Group: Toggle to "on" prior to push if you wish to cache the Zones Views Linkage.

DNS Server statistics

Enable DNS Server statistics for snmp: Toggle to "on" and it will gather information about zone pushes for each server.


Peering Settings

Peering Settings are accessed by clicking the "Peering" sub-tab at the top of the Admin Preferences page.

...

PeeringDB Account: Click the "change" link to input PeeringDB account credentials. PeeringDB account information is required to retrieve and update peering information. Enter a valid PeeringDB account Username and Password. When done, click the "Test" button to verify the account, and save. 

Templates

Email Templates are accessed by clicking the "Templates" sub-tab at the top of the Admin Preferences page.

...