Configuring the choice of authentication service

Last Updated : Jan 14, 2025 |

About this task

Use this procedure to set the authentication methods CMS supports for CMS user and superuser access.

Before you begin

  • If you intend to use an enterprise authentication service for CMS web client access, complete the registration of the CMS application with the enterprise authentication service. You will require information from that registration for CMS configuration.

Procedure

  1. Log in to the CMS server as a root user.
  2. Open the /opt/cmsweb/data/login.properties file in a text editor.
  3. To set the authentication method CMS uses for the cms and cmssvc accounts, set the login.superUserOption value as follows:

    login.superUserOption=<authentication service> where:

    • <authentication service> is the choice of authentication service or services using the following values:

      • Password = Use local login for CMS. Also used for CMS web client login unless an enterprise authentication service is selected.

      • Azure = Use the Microsoft Azure enterprise authentication service for CMS web client login.

      • Iam = Use the Avaya Identity and Access Management service for CMS web client login.

      • Okta = Use the Okta enterprise service for CMS web client login.

    • You can enter Password and/or one of Azure, Iam, or Okta.

    • Separate multiple values with a comma. For example: login.superUserOption=Password,Azure

  4. To set the authentication methods CMS uses for users other than cms and cmssvc, set the login.regularUserOption as follows:

    login.regularUserOption=<authentication service> where:

    • <authentication service> is the choice of authentication service or services using the following values:

      • Password = Use local login for CMS. Also used for CMS web client login unless an enterprise authentication service is selected.

      • Azure = Use the Microsoft Azure enterprise authentication service for CMS web client login.

      • Iam = Use the Avaya Identity and Access Management service for CMS web client login.

      • Okta = Use the Okta enterprise service for CMS web client login.

    • You can enter Password and/or one of Azure, Iam, or Okta.

    • Separate multiple values with a comma. For example: login.superUserOption=Password,Azure

  5. To have CMS use a proxy to connect to the server for token authentication:
    1. Set the login.useProxy variable to yes.
    2. Set the login.proxy variable to the URL of the proxy. For example: login.proxy=http://proxy.glb.avayacloud.com:50443
  6. If you selected any of the enterprise authentication services, you also need to configure CMS variables for connection to that authentication service:
  7. Restart the web client process using the cmsweb stop and cmsweb start commands.

    • Restarting the web client process ends all active logins but does not require CMS downtime. CMS applies the login.properties file changes when users log in again.

Related information
Enterprise login authentication