- Q. Can I integrate AM with Microsoft® Sharepoint®?
- Q. Can I integrate AM with Outlook Web Access?
- Q. Can I use Facebook®, Google® or LinkedIn® for social authentication in AM?
- Q. Does AM work with other authenticator apps such as Google Authenticator?
- Q. Is AM FIPS 140-2 compliant?
- Q. Does AM integrate with the Spring Security framework?
- Q. Can I use Cisco® Unified Communications Manager with AM?
- Q. Does AM support PostgreSQL®?
A. Yes you can. See the following links for further information:
There is a known limitation with Agents and Kerberos™, which means you would need to log in to AM in order for this to work and you would need to use persistent cookies and password replay. An RFE exists to remove the reliance on password replay: AMAGENTS-187 (Enable Agent Kerberos support by reading ticket from Isa session).
A. Yes, typically integration between AM and Outlook® Web Access (OWA) is achieved using the Password Replay options available via the IIS Web Agent as detailed in Enable Support for IIS Basic Authentication and Password Replay. The documentation only provides an example using Active Directory®; if you use a different user store, you can still use the Password Replay options but should ensure the samaccountname attribute exists in your LDAP server if you require Microsoft Windows logon.
If your users log in to AM via Windows Desktop SSO (Kerberos tokens), the AM Password Replay feature cannot be used since AM does not have access to the users' passwords.
You can also use IG to integrate with OWA. See Get Login Credentials From AM for information to help get you started.
A. Yes, you can integrate AM with third parties such as Facebook, Google and LinkedIn to provide social authentication using OAuth. See the following links for further information:
A. Yes AM does support other authenticator apps such as Google or Microsoft as follows:
- AM 7.1 and later - use the OATH Token Verifier and OATH Registration nodes.
- AM 6.5.3 and later - use the OATH authentication module. There is a known issue prior to AM 6.5.3: OPENAM-16098 (Have FR OATH OTP use removed padded Base32 format for the otpauth).
The ForgeRock Authenticator (OATH) module is not compatible with third-party authenticator apps and you should use the ForgeRock Authenticator app with this module for two-factor verification.
A. ForgeRock supports customers using FIPS 140-2 certified cryptographic modules, which can be used for securing communications (SSL), messages and assertions (for example, SAML assertions, OIDC ID tokens), and credential storage. Most ciphers and other cryptographic algorithms are configurable, and support FIPS-compliant options. ForgeRock can make use of a FIPS 140-2 certified cryptographic module through a standard PKCS#11 interface.
A. The Spring Security framework supports standard OAuth2/OIDC integration, which means it will work with AM. It can also call AM's REST APIs.
A. Yes you can. Cisco actually provides guidance on this in their own documents, and they integrate it with Microsoft Windows and Active Directory.
See Cisco - Single Sign-On for further information.
A. No, PostgreSQL is not supported for the CTS data store, configuration data store or the user data store.
See Directory Server Requirements for further information on the currently supported data stores.