7.1 Configuring User Authentication

You can manage by both device and user (similar to ZENworks Desktop Management). If user-based management is enabled, users are prompted for their credentials and ZENworks Handheld Management authenticates the users using LDAP to log in to the directory.

During installation, you can configure user-based management of all of your handheld devices in your ZENworks Handheld Management system. For more information, see Installing the ZENworks Handheld Management Server in the Novell ZENworks 7 Handheld Management Installation Guide.

You can also configure user-based management by following the procedure in this section to edit the properties of the ZENworks Handheld Management Service object.

NOTE:If you do not want to enable user authentication for all handheld devices in your ZENworks Handheld Management system, you can choose to not enable global user authentication during installation or by following the procedure in this section. You can then configure either the Palm Client Configuration policy or the WinCE Client Configuration policy to target only specific handheld devices or groups of handheld devices.

If user authentication is enabled, the user is prompted for his or her credentials (username and password) the first time the device connects/synchronizes. ZENworks Handheld Management then authenticates the user using LDAP to login to the directory. After the user is authenticated, you can target policies and applications to the user of the handheld device.

The user must enter the credentials only once; ZENworks Handheld Management does not prompt the user for the credentials again. If a user who has been authenticated gives the device to another person, you should reconfigure the user on the device using ZENworks Handheld Management console on the device.

If the device uses the Palm* IP or Windows* IP client to connect, the user-authentication dialog box displays on the handheld device. If the device uses Palm HotSync, the user-authentication dialog box displays on the desktop computer during synchronization.

When the user is prompted for authentication, if he or she clicks Cancel, the handheld device can be managed by device, but user-based management does not function because the user is not authenticated. If the user mis-types the username or password, he or she is immediately prompted for the credentials again.

NOTE:There are two places in ZENworks Handheld Management where users can be required to enter a password: to authenticate to the directory as part of the Palm Client Configuration policy and to power on a handheld device as part of the Palm Security policy. These two passwords are independent of each other. For more information about the password users must enter to power on a device, see Palm Security Policy.

To configure user authentication for all handheld devices in your system after installation:

  1. In Novell ConsoleOneĀ®, right-click the ZENworks Handheld Management Service object, then click Properties.

  2. Click the User Authentication tab.

    Properties of the ZENworks Handheld Management Service object User Authentication page
  3. Select the Enable User Authentication on Handhelds check box.

    Checking this option forces all managed handheld devices to prompt users for user credentials when the handheld device connects/synchronizes. After user credentials are entered, the ZENworks Handheld Management Access Point (on the ZENworks Handheld Management Server or on another machine) authenticates the user with the directory.

  4. Click Add to open the Select Objects dialog box.

  5. Specify the containers that the ZENworks Handheld Management Access Point should search when authenticating users, then click OK.

    Be aware that subcontainers are not searched. You must specify each user container or subcontainer individually.

  6. Click the General tab, then click Scan Now to immediately force a scan so that the changes you made to the Service object are sent to the ZENworks Handheld Management Server.

  7. Click OK.