Our SAS VA located on UNIX Environment. currently we are using AD for authenticate a group of people(Eg: UK users). Another group(Eg: US users) of users need authenticate and access the SAS applications, But they are not present in current AD that we are using and present in a LDAP server. So, is this possible to implement both the authentication processes in sasv9_usermods.cfg (both AD and LDAP)?
/*-----------------Active Directory Authentication---------------------- */
/* Environment variables that describe your Active Directory server */ -set AD_HOST myhost /* Define authentication provider */ -authpd ADIR:mycomapny.com -primpd mycompany.com
/*------------------------LDAP Authentication--------------------------- */
/* Environment variables that describe your LDAP server */
-set LDAP_HOST myhost
-set LDAP_BASE "ou=emp, o=us"
/* Define authentication provider */
or is there any other way to achieve this? please suggest.
Thanks in advance
See the How to Configure Direct LDAP Authentication, Multiple LDAP Servers section in the SAS 9.4 Intelligence Platform: Security Administration Guide.
You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication.
thanks for your reply.
"You could also talk to your sysadmin about the possibility of configuring your UNIX platform for authentication against multiple providers and just leave SAS to do host authentication". could you please elaborate this point in more detail?
I mean that you could consider shifting the burden of authenticating users across multiple providers from the SAS platform layer to the operating system platform layer. If you can configure the UNIX server, where your metadata server runs, to authenticate against multiple providers (and it is appropriately aligned with your IT security policies) then SAS can be configured for simple host authentication. An example could be using SSSD with multiple domains.
Another possibility with VA is to shift the authentication to the mid-tier, where there are many authentication configuration options, then use (Trusted) Web Authentication possibly in combination with SAS Token Authenticaiton. Have a read through the Authentication Mechanisms section of the SAS 9.4 Intelligence Platform: Security Administration Guide for more background. You may also find the following papers and resources provide you with more ideas:
Since there are lots of options around authentication, without an understanding of your environment, SAS product mix, and business requirements it is hard to give specific advice. I would suggest contacting SAS Professional Services or a SAS Partner in your local region if you need more in-depth assistance.
We are currently using direct active directory authentication model. So my only question now is, is it possible to authenticate sas with both Active Directory and IBM Directory server at the same time. I have read http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0w8oa3erw568vn192...
which mentions that multiple LDAP servers can be configured. I would like to know if we can configure in such a way that the AD and IBM LDAP server both can be used as authentication providers in the same sas machine.
I have also raised a ticket with technical support regarding this. I would like to understand this topic before sas support contact me. Hence the repeated questions.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.
Find more tutorials on the SAS Users YouTube channel.