Rule ID
SV-279444r1192356_rule
Version
V1R1
CCIs
Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards.
Confirm the Nutanix VM application server Prism Element is configured to accept FICAM-approved third-party credentials.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Verify a SAML-based identity provider is configured.

If a SAML-based identity provider is not configured, this is a finding.
Configure the Nutanix VM application server Prism Element to use FICAM authentication.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Select the "Configure SAML Authentication Account" check box, and then do the following in the indicated fields:
   a. Select the authentication directory that contains the CAC users to authenticate. This list includes the directories that are configured on the Directory List tab.
   b. Service Username: Enter the username in the username@domain.com format that you want the web console to use to log in to the Active Directory.
   c. Service Password: Enter the password for the service username.
   d. Click "Enable CAC".