You are here:

Web Servers

This page determines the user authentication method that will be presented to users when they login into the system normally.

Mixed Authentication

In a multi web server deployment, it is possible to specify a different authentication method for each web server. In this scenario, each web server will be an entry point.

If you want to apply the same authentication method to each web server, select 'Apply to all.' This can be helpful when using different entry points into the system from different networks and URLs.

Authentication Methods

The following 4 methods are available for users to manually log into the application. The are additional techniques for programmatic login via the security REST API framework.

Forms Authentication - the user is prompted for user name and password through an HTML form in the application.
Basic Authentication - the user is prompted for user name and password through a browser driven pop-up window.
Windows Authentication - the user is logged into the application automatically ('single sign on' SSO) using the user's Windows account and credentials.
SAML Authentication - the user is logged into the application automatically by logging into the SAML authentication site and then using that account they are authenticated into Pyramid. If the user is already logged into the SAML provider, they will be directly logged into Pyramid (SSO)

The authentication methods available will adjust in tandem with the Authentication TYPE set in the Access section - since not all methods are compatible with all types. The following tables summarizes these options.

	Forms	Basic	Windows Auth SSO	SAML SSO
Database	●	●
Active Directory	●	●	●
General LDAP	●	●
SAML	◌			●

Notes:

Windows Auth is only available if the AD provider is used and the user is coming from a Windows enabled device (typically a desktop)
When using LDAP authentication with multiple domains, the domain should be included with the user's name: domain\user for both forms and basic authentication

Other Authentication Considerations

Windows Authentication and Browser Settings

Windows Authentication often requires other settings to be made in the browser to facilitate authentication. Admins should check with each preferred browser to determine how best to enable windows authentication.

Windows Authentication also requires special firewall ports to be opened. This often makes Windows Auth inconvenient as a solution outside of the LAN network or connections that cannot be made with VPN.

Security Considerations

Both Forms and Basic authentication use clear text credentials. As such, an SSL certificate and HTTPS protocol is HIGHLY recommended for all websites hosting the application.

To deploy SSL certificates and HTTPS, other HTTP server technologies need to be deployed with the stack. This includes Microsoft IIS for Windows or NGINX (or any other reverse proxy technology).

Programmatic Access

Programmatic authentication is possible using the in-built security APIs. This technique allows developers to grant access to Pyramid without user intervention - providing an extensible, single sign on technique for users to log into the platform.

Feedback

Couldn't find what I was looking for

Help was confusing, unclear or incomplete

Instructions didn't work