Securing the System
Your system includes features and settings to help you meet security requirements.
Managing System Access
An administrator can configure G7500 and Studio X series systems to grant access using network accounts that are
authenticated through an Active Directory (AD) server such as the Microsoft Active Directory server. In this case, the
account information is stored on the AD server and not on the room system. The AD administrator assigns accounts to AD
groups, one for the room system admin access and one for user access. For this reason, external authentication is also
referred to as Active Directory authentication.
The room system administrator configures the external authentication settings on the system to specify the address of an
AD Server for authenticating user logins, AD group for user access, and AD group for admin access on the room system.
The system can map only one Active Directory group to a given role.
Users can enter their network account credentials to access the system on the following interfaces:
• Web interface (admin access only)
• Local interface (user and admin role accounts when Require Login for System Access is enabled; admin accounts
when admin-only areas of the local interface are accessed)
When External Authentication is enabled in PKI environments where Always Validate Peer Certificates from Server is
enabled on the system, configure the Active Directory Server Address on the system using the address information that is
in the Active Directory Server identity certificate. This allows the system to validate the identity certificate. As an example,
if the Active Directory Server identity certificate contains its DNS name only, and no specific IP address, configuring the
Active Directory Server Address on the system using the server's IP address results in certificate validation failure, and
consequently authentication failure. The system configuration would have to specify the server by DNS name, in this case,
to successfully match the server certificate data.
The system local user account is disabled when Enable Active Directory External Authentication is enabled. The admin
account is active and usable, however.
Local Accounts
The system stores local account IDs and passwords.
Configure Password Policies
You can specify requirements for administrator, user, remote access, and SNMP passwords for your G7500 and Studio X
series system.
Poly strongly recommends that you create an administrator password for your system. Administrators set password
policies and minimum requirements.
Task
1 In the system web interface, go to Security > Password Requirements.
2 Configure the following settings for the Admin Room, User Room, Remote Access, or SNMP passwords:
Note: You must configure the Admin Room and Remote Access password settings separately.
3 Select Save.
Changes to most password policy settings don’t take effect until the next time the password is changed. Changes take
effect immediately for Minimum Password Age in Days, Maximum Password Age in Days, and Password Expiration
Warning.
Create Local Administrator Credentials
You can require local administrator credentials for in-room and remote access to the G7500 and Studio X series system.
Passwords for logging in to the system are case sensitive and can’t contain more than 40 characters.
Task
48
To Next Page
Loading...
Need help?
General
