Yes, it's possible to use Active Directory to authenticate your KVM connections. You will need to select both Active Directory Integration and Access Control List in your SCS profile. Then in the ACL section give your Active Directory user or group the necessary access rights.
For more information about this download Intel SCS and look through the Intel SCS User Guide.
I can only connect to KVM if I grant permission "PT Administration" directly to user account.
If I grant this permission to a group (which includes my user account), I can't connect to KVM.
Is there possibility to grant permission for an AD group for connect to KVM?
Granting permissions to an AD group instead of a single user is possible. Just make sure that you are logged into the computer initiating the KVM connection with a user from that AD group. Also, if you're using RealVNC Viewer Plus to initiate the connection, verify "Use single sign-on if VNC Server supports it" is checked.
I really logged into the computer initiating the KVM connection with a user from AD group which has "PT Administration". And "Use single sign-on if VNC Server supports it" is checked. But I get error: "The user account [Intel(r) AMT: RemoteID 35] does not have the relevant permissions to access the AMT server."
I tried klist purge, log off, reboot my client machine but it didn't help.
I noticed that when I grant permission directly to an user, I get two tickets:
But if i grant permission to a group (which contains my user account), I get only one ticket:
But why I haven't received ticket for port 16994? Maybe there are some requirements to this group?
I've recently learned that RealVNC is aware of this issue and is working on an update. The update is scheduled to be released in the early part of October.
As for the 16994 Kerberos ticket, this is for Serial Over Lan and IDE Redirection which is set after you've established a connection to the client. You're not seeing this ticket because you're not able to establish the initial connection.