User's Manual
  Directory Operations
Polycom, Inc.  367
5. If you also wish to implement single sign-on, see the following section “Allow Delegated Authentication to Enterprise Directory Server”. Otherwise, click Update.
Allow Delegated Authentication to Enterprise Directory Server
The CMA system Use Single Sign on (Integrated Windows Authentication) option allows endpoint users who are included in the enterprise directory to securely log in to their dynamically-managed endpoint without typing in credentials.
Setting: Security Level
Description: The level of security on the connection between the CMA system and the enterprise directory server. Possible values include:
• Plain—No security on the connection
• LDAPS—The connection is secured over outbound port 3269 using LDAP-S in a manner similar to https. If the “Domain Controller: LDAP Server signing requirements” setting on the Active Directory server is set to “Require Signing”, then you must use LDAPS to secure the connection.
• StartTLS—The connection is secured over outbound port 3268 (the same port as Plain), but it then negotiates security once the socket is opened. Some LDAP servers reject any unsecured transactions, so the first command is the StartTLS negotiation command.

Setting: Ignore Disabled Enterprise Directory Users
Description: Check this field to have the CMA system ignore disabled enterprise users in its queries.

Setting: Enterprise Directory Exclusion Filter
Description: If necessary and you understand the filter syntax, specify other types of user accounts to exclude. Don’t edit these expressions unless you understand LDAP filter syntax. For more information, see “Understanding Exclusion Filters” on page 361.

Setting: Enterprise Directory Search BaseDN
Description: If necessary and you understand the filter syntax, specify the top level of the enterprise directory tree (referred to as the base DN) to search. Don’t edit these expressions unless you understand the filter syntax. For more information, see “Understanding Base DN” on page 359.
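
The StartTLS value described above sends the StartTLS negotiation command first on the plain port. The following Python code is an added example, not part of the Polycom manual or the CMA software: it builds that LDAP extended request (RFC 4511, OID 1.3.6.1.4.1.1466.20037), reads the server's result code, and continues only over a verified TLS session. The function names and the sample response bytes are constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation
# Constructed sample ExtendedResponse messages (messageID 1), not captured traffic:
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")   # resultCode 0
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")   # protocolError (2)

def tlv(tag, value):
    """Encode one BER element (short-form length, enough for these messages)."""
    if len(value) > 127:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage{ messageID, [APPLICATION 23] ExtendedRequest{ [0] OID } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos, want_tag):
    """Decode one element at pos; return (value, next_pos) or raise on mismatch."""
    if pos + 2 > len(buf) or buf[pos] != want_tag or buf[pos + 1] & 0x80:
        raise ValueError("unexpected or unsupported BER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated message")
    return buf[pos + 2:end], end

def starttls_result(resp, msg_id=1):
    """Return the resultCode of the ExtendedResponse ([APPLICATION 24])."""
    body, _ = read_tlv(resp, 0, 0x30)
    mid, pos = read_tlv(body, 0, 0x02)
    if int.from_bytes(mid, "big") != msg_id:
        raise ValueError("response does not answer our request")
    op, _ = read_tlv(body, pos, 0x78)
    code, _ = read_tlv(op, 0, 0x0A)
    return int.from_bytes(code, "big")

def probe(host, port=3268, timeout=5.0):
    """Send StartTLS as the first command; continue only over verified TLS."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        code = starttls_result(sock.recv(4096))  # reply is small; one read assumed
        if code != 0:
            return code, None  # server refused: do not bind over this socket
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return code, tls.version()
```

A non-zero result from `probe` means the directory server did not agree to StartTLS, so no credentials should be sent on that connection.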










