CHAPTER 4: ADMINISTRATIVE FUNCTIONS 395. Click [OK] to save User properties or [Cancel] to close the window without saving.Delete UsersTo delete an existing user, select the user that you wish to delete, right-click on the user icon, and selectDelete User.Remote AuthenticationIntroductionNote to CommandCenter UsersIf you plan to configure Dominion KX to be integrated with and controlled by Raritan’s CommandCentermanagement appliance, this section of the User Manual does not apply to you. When a Dominion KX unitis controlled by CommandCenter, CommandCenter determines the allowed users and groups. Please referto your CommandCenter User Guide.Note to Raritan Customers Upgrading from Previous Firmware VersionsIf you have previously implemented RADIUS authentication on Raritan products such as Dominion KSXand IP-Reach running legacy firmware versions earlier than v3.2, read this entire section carefully.Beginning with firmware version v3.2 and above, the implementation of external authentication haschanged significantly to provide more flexible and powerful configurations.Supported ProtocolsIn order to simplify management of usernames and passwords, Dominion KX provides the capability toforward authentication requests to an external authentication server. Dominion KX supports two externalauthentication protocols: LDAP and RADIUS.Note on Microsoft Active DirectoryMicrosoft Active Directory uses the LDAP protocol natively, and can function as an LDAP server andauthentication source for Dominion KX. If it has the IAS (Internet Authorization Server) component, aMicrosoft Active Directory server can also serve as a RADIUS authentication source.Remote Authentication ImplementationPriorityWhen a user tries to authenticate to a Dominion KX unit that is configured for external authentication,Dominion KX first checks its own internal user database for that username. If the username is not found inthe Dominion KX internal database, the request is forwarded to the external authentication server.• If Username is not found in Dominion KX internal database: Request is forwarded to externalauthentication server to determine whether the login is allowed or denied.• If Username is found in Dominion KX internal database and Password is correct: Login isallowed.• If Username is not found in Dominion KX internal database and Password is incorrect: Login isdenied; the request does NOT get forwarded to the external authentication server.