It can happen that several iba products distributed throughout the company need to access the data of an ibaHD-Server, but are located in different domains. The following describes how you can enable cross-domain access using the two domains business-domain and automation-domain. In the example, there is an ibaHD-Server and an ibaPDA in the business-domain, and an ibaAnalyzer client is integrated in the automation-domain.
Prerequisites:
-
A so-called domain trust must exist between the domains.
-
DNS resolution must work on both sides, i.e. both domains must be able to resolve each other.
Create a group in the domain of the ibaHD-Server
First create a group in the Active Directory user and group management in the business-domain in which the ibaHD-Server is located, e.g. ACL_ibaHD.
The group must have the following characteristics:
-
Group area: Local (in domain)
-
Group type: Security
Add users from the second domain
Add the users from the second domain automation-domain who are to be granted access to the ACL_ibHD group you have just created. Make sure that you have selected the correct domain in the user search.
Store group on the ibaHD-Server
Store the ACL_ibaHD group in the user administration of ibaHD-Server. To do this, first link the business-domain to the system.
Then add the group using the corresponding option.
Test access
Finally, test the access by successfully logging in from both systems (ibaAnalyzer client and ibaHD-Server) and accessing the ibaHD-Server.
