Single sign-on
Users have to provide their username and password only once on any MU and receive access according to their authorization to all functions of all SE Servers, including -> add-ons.
In the case of server-specific LDAP configurations, the login with an LDAP account has to be executed on a MU of the suitable server.
Global session
The session is global or over-arching. The MU can be changed without further authentication in a server-overarching way, for example when starting add-ons.
Requirement: DNS server and LDAP (if necessary) must be available for all MUs.
Example:
Displaying a global session (see the first column) for the (own, highlighted in blue) account johndoe
Global management of accounts
All accounts – local and LDAP – are valid for the whole Management Cluster. They are ready on every MU of every SE Server in the same measure.
Example:
The account johndoe is (centrally) created and managed.
The passwords (for local accounts) and other properties, the multi-factor authentication (MFA) as well as individual rights (for BS2000 operators) are also managed centrally.