MKE must be configured to integrate with an Enterprise Identity Provider.

An XCCDF Rule

Description

Configuring MKE to integrate with an Enterprise Identity Provider enhances security, simplifies user management, ensures compliance, provides auditing capabilities, and offers a more seamless and consistent user experience. It aligns MKE with enterprise standards and contributes to a more efficient and secure environment.

ID: SV-260909r1015769_rule
Version: CNTR-MK-000030
Severity: Medium
References: CCI-000015 CCI-000016 CCI-000017 CCI-000044 CCI-000172 CCI-000187 CCI-000192 CCI-000193 CCI-000194 CCI-000195 CCI-000198 CCI-000199 CCI-000205 CCI-000765 CCI-000766 CCI-000767 CCI-000768 CCI-000770 CCI-000795 CCI-001619 CCI-001683 CCI-001684 CCI-001685 CCI-001686 CCI-001814 CCI-001941 CCI-001942 CCI-001953 CCI-002009 CCI-002130 CCI-002132 CCI-002142 CCI-002145 CCI-002238 CCI-002699 CCI-003627 CCI-003938 CCI-004045 CCI-004045 CCI-004061 CCI-004066
Updated: 11 days ago

Remediation Templates

To configure Identity Provider, log in to the MKE web UI and navigate to admin >> Admin Settings >> Authentication & Authorization >> Identity Provider Integration section.

To configure LDAP:
Click the radial button to set LDAP to "Enabled".

In the "LDAP Server" subsection set the following: - "LDAP Server URL" to the URL for the organization's AD or LDAP server (URL must be https).
- "Reader DN" with the DN of the account used to search the LDAP entries.
- "Reader Password" with the password for the Reader account.

Click "Save".

To configure SAML, click the radial button to set SAML to "Enabled".

Enter URL in the "Service Provider Metadata URL" field.

Upload the certificate bundle for the IdP provider in "Root Certificates Bundle".

In the "SAML Service Provider" section, enter the "MKE IP address" in the MKE Host field.

Click "Save".

MKE must be configured to integrate with an Enterprise Identity Provider.

Description

Remediation Templates

A Manual Procedure