Add an EOC site using pass-through authentication
Starting with EOC 2019.4, administrators have additional options to choose from when setting up EOC site authentication. Administrators can allow users to log in to EOC by either using a default EOC account, using customized credentials configured in the Orion Manage Accounts section, or using pass-through authentication.
Pass-through authentication expands on the EOC security models, providing a more flexible and scalable configuration. In versions of EOC prior to 2019.4, administrators were required to set up credentials in Orion for each individual EOC user account on a specific site, and, if an account's active directory or SAML credentials changes, update the credentials for individual accounts.
Pass-through authentication is an available option to create a trust relationship between remote Orion sites and EOC users.
Using pass-through authentication
By default, pass-through authentication is turned off. To ensure compatibility with pass-through authentication, SolarWinds recommends that your Orion Platform remote instance is updated to version 2019.4.
The EOC user or group account must be associated with the credentials of an account that can access the SolarWinds site. The privileges granted to this remote instance account determine what site data the user or group members can access in EOC.
To enable pass-through authentication:
- From All Settings > User Accounts > Manage Accounts,
add an individual or SAML/AD group account to EOC.
You do not need to specify account credentials, however the account must exist on your remote Orion site as well.
- Go to Manage SolarWinds Sites, and
add or edit an existing site.
- If enabled for the remote site, the pass-through authentication option is preselected.
When you enable pass-through authentication, EOC maps the current user to the remote Orion site. Upon a successful pairing, EOC queries data from the Orion site according to the account's permission limitations.