Web Servers
This page determines the user authentication method that will be presented to users when they login into the system normally.
Mixed Authentication
In a multi web server deployment, it is possible to specify a different authentication method for each web server. In this scenario, each web server will be an entry point.
If you want to apply the same authentication method to each web server, select 'Apply to all.' This can be helpful when using different entry points into the system from different networks and URLs.
Authentication Methods
The following 4 methods are available for users to manually log into the application. The are additional techniques for programmatic login via the security REST API framework.
- Forms Authentication - the user is prompted for user name and password through an HTML form in the application.
- Basic Authentication - the user is prompted for user name and password through a browser driven pop-up window.
- Windows Authentication - the user is logged into the application automatically ('single sign on' SSO) using the user's Windows account and credentials.
- SAML Authentication - the user is logged into the application automatically by logging into the SAML authentication site and then using that account they are authenticated into Pyramid. If the user is already logged into the SAML provider, they will be directly logged into Pyramid (SSO)
The authentication methods available will adjust in tandem with the Authentication TYPE set in the Access section - since not all methods are compatible with all types. The following tables summarizes these options.
Forms |
Basic |
Windows Auth SSO |
SAML SSO |
|
Database |
● | ● | ||
Active Directory |
● | ● | ● | |
General LDAP |
● | ● | ||
SAML |
◌ | ● |
Notes:
- Windows Auth is only available if the AD provider is used and the user is coming from a Windows enabled device (typically a desktop)
- When using LDAP authentication with multiple domains, the domain should be included with the user's name: domain\user for both forms and basic authentication
Other Authentication Considerations
Windows Authentication and Browser Settings
Windows Authentication also requires special firewall ports to be opened. This often makes Windows Auth inconvenient as a solution outside of the LAN network or connections that cannot be made with VPN.
Security Considerations
Both Forms and Basic authentication use clear text credentials. As such, an SSL certificate and HTTPS protocol is HIGHLY recommended for all websites hosting the application.
To deploy SSL certificates and HTTPS, other HTTP server technologies need to be deployed with the stack. This includes Microsoft IIS for Windows or NGINX (or any other reverse proxy technology).
Programmatic Access
Programmatic authentication is possible using the in-built security APIs. This technique allows developers to grant access to Pyramid without user intervention - providing an extensible, single sign on technique for users to log into the platform.