Set Up Microsoft SharePoint Authentication

Create a Microsoft SharePoint (MS SharePoint) record to authenticate to an MS SharePoint database instance and scan it for compliance. Windows authentication is required, so you'll also need a Windows record for the host running the database.

This record type is only available in accounts with PA or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, please refer to the following article: 

Authentication Technologies Matrix

How do I get started?

- Go to Scans > Authentication.

- Check that you have a Windows record already defined for the host running SharePoint.

- Create a MS SharePoint record for the same host. Go to New > Applications > Microsoft SharePoint.

Note: If the Network Support feature is enabled, then the Windows record must have the same network selected as the Microsoft SharePoint record.

Tell me about user permissions

Managers can add authentication records.

Unit Managers must be granted these permissions:
- Manage PA module / Manage SCA module
- Create/edit authentication records/vaults

Which IP should I add to my record?

Enter IP addresses for the Microsoft SharePoint targets you want to scan for compliance. Each IP may be included in one Microsoft SharePoint record. We'll auto discover the database instances.
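The rules stated above can be checked against a planned set of records before you create them. The following is an added example, not Qualys code and not a Qualys API: the record dictionaries and their field names (`title`, `ips`, `network`) are hypothetical, the sample plan is constructed, and `network` is assumed to be left unset when the Network Support feature is disabled.

```python
import ipaddress
from collections import defaultdict

def expand(spec):
    """Expand 'a.b.c.d' or 'a.b.c.d-e.f.g.h' entries (comma separated) into addresses."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first = ipaddress.ip_address(lo.strip())
        last = ipaddress.ip_address(hi.strip()) if hi else first
        if int(last) < int(first):
            raise ValueError(f"descending range: {part.strip()}")
        for n in range(int(first), int(last) + 1):
            yield ipaddress.ip_address(n)

def preflight(windows_records, sharepoint_records):
    """Return a list of findings; an empty list means the plan meets the stated rules."""
    findings = []
    win_networks = defaultdict(set)   # ip -> networks of the Windows records covering it
    for rec in windows_records:
        for ip in expand(rec["ips"]):
            win_networks[ip].add(rec.get("network"))
    owners = defaultdict(list)        # ip -> SharePoint records that include it
    for rec in sharepoint_records:
        for ip in expand(rec["ips"]):
            owners[ip].append(rec)
    for ip in sorted(owners, key=int):
        recs = owners[ip]
        if len(recs) > 1:             # each IP may be in only one SharePoint record
            names = ", ".join(r["title"] for r in recs)
            findings.append(f"{ip}: in more than one SharePoint record ({names})")
        for rec in recs:
            if ip not in win_networks:    # a Windows record is required for the host
                findings.append(f"{ip}: no Windows record for host ({rec['title']})")
            elif rec.get("network") not in win_networks[ip]:  # networks must match
                findings.append(f"{ip}: Windows record network differs ({rec['title']})")
    return findings

# Constructed sample plan (hypothetical titles, addresses and networks)
WINDOWS = [{"title": "win-sp-farm", "ips": "10.0.0.10-10.0.0.12", "network": "DMZ"}]
SHAREPOINT = [
    {"title": "sp-a", "ips": "10.0.0.10-10.0.0.11", "network": "DMZ"},
    {"title": "sp-b", "ips": "10.0.0.11, 10.0.0.12", "network": "Internal"},
    {"title": "sp-c", "ips": "10.0.0.20", "network": "DMZ"},
]

if __name__ == "__main__":
    for line in preflight(WINDOWS, SHAREPOINT):
        print(line)
```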

Which login credentials should I provide?

You'll provide login credentials for your MS SQL Server database account. Enter the MS SQL Server username and password. Or choose Vault based to retrieve the password from one of the supported vaults.

To use a vault, go to Scans > Authentication > New > Authentication Vaults and tell us about your vault system. Then choose "Authentication Type: Vault based" in your SharePoint record and select your vault type and vault record. At scan time, we'll authenticate to hosts using the username in your record and the password we find in your vault.

Windows or Database Login Type

Choose the type of authentication you want to perform: Windows or Database. If you choose Windows, provide the name of the Windows domain where the account is stored. The domain name is required because the scanning engine must associate the operating system account with the MS SQL Server database account for authentication.

Choose authentication protocols

Our scanners will attempt authentication to your target hosts using one of the authentication protocols selected in the record, working from the most secure protocol to the least secure. We support these protocols: Kerberos, NTLMv2 and NTLMv1.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager sees only the IPs in the record that they have permission to. The record may contain more IPs that are not visible to the Unit Manager. Any changes the Unit Manager makes to the record settings apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit.

Do you have Tag Support enabled?

If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.

For domain level authentication, you can only add assets when the domain type is "NetBIOS, User-Selected IPs". The Assets section is disabled when the domain type is "NetBIOS, Service-Selected IPs" or "Active Directory".

Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.

Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.

Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.

Learn more about tag support for authentication records