The SMA appliance supports the definition and use of multiple authentication servers. A realm references one
or two authentication servers and determines which access agents are provisioned to your users and what End
Point Control restrictions (if any) are imposed. See Users, Groups, Communities, and Realms for more about
The following are examples of using multiple authentication servers referenced by realms:
Chained authentication (two authentication servers)
Example: RADIUS with Token/SecurID and LDAP with username/password
Users logging in to a realm are authenticated against two servers. You can configure AMC so that users
see only one prompt. See Configuring Chained Authentication for details.
Use different servers to handle authentication and authorization
Example: RADIUS with Token/SecurID and Active Directory (for group information)
The user authenticates against one repository, and then the user’s group information is passed from a
second one. For more information, see Enabling Group Affinity Checking in a Realm.
Multiple credential types and a single authentication server
Example: RADIUS with username/password and RADIUS with Token/SecurID
Suppose your company employees log in with username and password, but the employees of your
call-center log in with SecurID tokens. You could create an employee realm and a callcenter realm, each
referencing the appropriate credential type and RADIUS server.
Multiple instances of the same directory/authentication method using different back-end servers
Example: Two RADIUS/password instances using different RADIUS servers
In this case you would define two authentication servers, each with the appropriate server information.
Multiple instances of the same directory/authentication method on the same server, configured
Example: Two instances of LDAP with username/password on the same server but using different search
In this case each realm would search a different subtree within the directory. For example, suppose
Partner A is in one LDAP subtree and Partner B is in another. You could define a partnerA realm and a
partnerB realm, each configured with the appropriate search base.
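
The partnerA/partnerB case above, as an added example (not SonicWall code or AMC configuration): a small Python check that reports which realm's search base contains a user DN and flags realms whose search bases overlap. The realm names, DNs, and search bases are constructed, and it assumes the intent is for each directory entry to resolve to exactly one realm.

```python
# Added example: realm names, DNs and search bases below are constructed.
from itertools import combinations

REALMS = {
    "partnerA": "ou=PartnerA,dc=example,dc=com",
    "partnerB": "ou=PartnerB,dc=example,dc=com",
}

def split_rdns(dn):
    """Split a DN into normalized RDNs; an escaped comma stays inside its RDN.
    Simplified: no quoted values; values are compared case-insensitively."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out

def in_subtree(dn, base):
    """True if dn is the search base itself or an entry below it."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def realms_for(dn, realms):
    """Names of the realms whose search base would find this DN."""
    return [name for name, base in realms.items() if in_subtree(dn, base)]

def overlapping_bases(realms):
    """Pairs of realms where one search base lies inside the other."""
    return [(a, b) for (a, base_a), (b, base_b) in combinations(realms.items(), 2)
            if in_subtree(base_a, base_b) or in_subtree(base_b, base_a)]

if __name__ == "__main__":
    print(realms_for("uid=alice,ou=PartnerA,dc=example,dc=com", REALMS))
    print(overlapping_bases({**REALMS, "allPartners": "dc=example,dc=com"}))
```

Comparing whole RDNs rather than raw string suffixes keeps an escaped comma inside a name from shifting the subtree boundary.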