Authentication

Authentication is the mechanism that governs how users will access the application.

The authentication engine in the application is driven by 2 key aspects: provider and method.

  • Authentication Provider - the data store or repository of user IDs and passwords against which the credentials of users logging in are checked.
  • Authentication Method - the technique by which credentials are captured from the user during the log-in process.

The 2 settings are mostly independent of each other.

Authentication Provider

There are 5 providers operational in the product: the internal database, Active Directory, Azure Active Directory, Open LDAP, and SAML.

  • By default, the application is installed with internal database authentication which requires little configuration. The user created during installation is created in the internal database using the given user ID and password from the installer. This user is initially set as the master user account with enterprise admin rights.
  • To change to Active Directory LDAP ("AD"), Open LDAP, Azure Active Directory or SAML authentication, select the required provider in the drop-down.

Note: Open LDAP and Azure AD authentication are not available in the Community Edition.

Changing Master Users

When you change the provider, you must supply the initial settings that the authentication engine will use, together with an initial master user account that will become the first enterprise user in the new setup.

When the new master account is created, the old account will be disabled or deleted. As such, it is good practice to switch to the right authentication provider right after system setup.

Note: If you elect to change back to the internal database as the provider, you will also need to recreate the initial master user account.

Active Directory

To set up an Active Directory provider, details for the directory are required, as well as the credentials for a domain user that will be used to traverse the directory database. Adding multiple domains is also possible.

  • Click here for details on using and deploying Active Directory

Azure Active Directory with LDAPS

The process for using Azure AD is identical to that of a normal Active Directory, as explained here.

However, there are more steps needed for setting up LDAPS on Azure. These are explained here.

LDAP

To set up an LDAP provider, details for the directory are required, as well as the credentials for a user that will be used to traverse the directory database.

  • Click here for details on using and deploying LDAP

SAML

SAML provides a federated solution for authentication and will work with all standard SAML providers.

  • For guidance on connecting to standard SAML, click here.
  • For guidance on connecting to Azure SAML, click here.
  • For guidance on connecting to Active Directory Federated Services (AD SAML), click here.