Rublon

Secure Remote Access

By

Last updated on September 1, 2025

The Integrated Dell Remote Access Controller (iDRAC) is a built-in management tool in Dell PowerEdge servers that enables secure, agent-free remote monitoring, configuration, and troubleshooting even when the server is powered off.

Multi-Factor Authentication (MFA) for Dell iDRAC adds an extra layer of security to iDRAC logins. Users must complete both primary (login/password) and secondary (e.g., Mobile Push) authentication. Even if a cybercriminal knows a user’s password, they will not gain access without completing the second step.

Overview of MFA for Dell iDRAC

This documentation describes how to integrate Rublon MFA with Dell iDRAC using the LDAP(S) protocol to enable multi-factor authentication for logins to the controller.

Rublon MFA for Dell iDRAC integrates via the Rublon Authentication Proxy, supporting the LDAP(S) protocol. It ensures that only authorized users can complete the secondary authentication method, denying access to potential intruders.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push N/A
WebAuthn/U2F Security Key N/A
Passcode N/A
SMS Passcode N/A
SMS Link N/A
Phone Call N/A
QR Code N/A
Email Link N/A
YubiKey OTP Security Key N/A

Before You Start Configuring MFA for Dell iDRAC

Before configuring Rublon MFA for Dell iDRAC:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already, and configure the Rublon Authentication Proxy as an LDAP proxy.

3. Dell PowerEdge & iDRAC – A properly installed and configured Dell PowerEdge and Dell iDRAC. Tested on Dell PowerEdge R740xd and iDRAC9 Enterprise.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application

3. Enter a name for your application (e.g., Dell iDRAC) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy the values of System Token and Secret Key of the newly created application. You will need them later.

Install Rublon Authenticator

Some end-users may use the Rublon Authenticator mobile app. So, as a person configuring MFA for Dell iDRAC, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Dell iDRAC via Mobile Push.

Download the Rublon Authenticator for:

Configuring Multi-Factor Authentication (MFA) for Dell iDRAC

Rublon Authentication Proxy

Edit the Rublon Auth Proxy configuration file and paste the previously copied values of System Token and Secret Key in system_token and secret_key, respectively.

2. Config example file in YAML:

log:
  debug: true

rublon:
  api_server: https://core.rublon.net
  system_token: YOURSYSTEMTOKEN
  secret_key: YOURSECRETKEY

proxy_servers:
- name: LDAP-Proxy
  type: LDAP
  ip: 0.0.0.0
  port: 636
  auth_source: LDAP_SOURCE_1
  auth_method: push, email
  rublon_section: rublon
  cert_path: /etc/ssl/certs/ca.crt
  pkey_path: /etc/ssl/certs/key.pem

auth_sources:
- name: LDAP_SOURCE_1
  type: LDAP
  ip: 192.0.2.0
  port: 636
  transport_type: ssl
  search_dn: dc=example,dc=org
  access_user_dn: cn=admin,dc=example,dc=org
  access_user_password: CHANGE_ME
  ca_certs_dir_path: /etc/ssl/certs/

See: How to set up LDAPS certificates in the Rublon Authentication Proxy?

Dell iDRAC

1. Sign in to the Dell iDRAC Web Console.

2. Go to iDRAC Settings → Users and expand Directory Services.

Image showing how to access Directory Services in the Dell iDRAC Web Console.

3. Select Generic LDAP Directory Services and select Enable to turn on the LDAP service.

Image showing how to enable an LDAP directory service in the Dell iDRAC web console.

4. Select Edit to open the Generic LDAP Configuration and Management window.

Image showing how to edit the LDAP directory service in the Dell iDRAC web console.

5. In Certificate Settings:

  • If you are using LDAPS (recommended), set Certificate Validation to Enabled, upload the Directory Service CA certificate, and select Next.
  • If you are using LDAP (not recommended), set Certificate Validation to Disabled and select Next.
Image showing the certificate settings in the Generic LDAP Configuration and Management window.

6. In Common Settings, fill in the fields and select Next. Keep the remaining settings as default, or adjust them as needed. Refer to the following image and table.

Image showing the common settings in the Generic LDAP Configuration and Management window.
Generic LDAPDisabled
Use Distinguished Name to Search Group MembershipEnabled
LDAP Server AddressThe IP address or hostname of the Rublon Authentication Proxy.
LDAP Server PortThe port of the Rublon Authentication Proxy (636 for LDAPS; 389 for LDAP).
Bind DNThe Bind DN (the full LDAP path of the service account, e.g., CN=rublonadmin,OU=Rublon,DC=rublondemo,DC=local) that Dell iDRAC will use to authenticate and access the LDAP directory for querying user information.
This account must have at least the permission to read other users’ attributes.

Note: This Bind DN must be the same as access_user_dn in your Rublon Auth Proxy’s config file.
Bind PasswordDisabled
Base DN to SearchEnter the Base DN from which Dell iDRAC should start searching for users (e.g., ou=Users,dc=my,dc=organization,dc=domain). This must match what the bind account “sees”.
Attribute of User LoginCN

7. In Standard Schema Role Groups, you can define up to 15 user groups and their permissions.

Image showing standard schema role groups in the Generic LDAP Configuration and Management window.

8. Double-click on any of the Role Group rows to edit it. Fill in the fields and select Save. Refer to the following image and table.

Image showing how to edit the standard schema role group.
Group DNThe Distinguished Name (DN) of the Active Directory group, e.g., CN=Rublon,OU=RUBLON,DC=rublon,DC=co.

iDRAC needs this to identify the exact group in AD that maps to iDRAC permissions.
Role Group Privilege LevelThe set of permissions assigned to that AD group within iDRAC. For example, Administrator grants full access.

9. Back in the Generic LDAP Configuration and Management window, select Save to complete your configuration.

Testing Multi-Factor Authentication (MFA) for Dell iDRAC

This example portrays logging in to Dell iDRAC with Rublon Multi-Factor Authentication. Mobile Push has been set as the second factor in the Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Open the iDRAC Web Console, enter your login and password, and select Log in.

Image showing logging in to the Dell iDRAC Web Console.

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push notification received by the user during Dell iDRAC authentication.

3. You will be logged in to iDRAC.

Troubleshooting MFA for Dell iDRAC

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations