Authentication
Authentication is the mechanism that governs how users access Pyramid. Pyramid provides an internal authentication mechanism but is usually paired with an external identity provider (IDP) to deliver single sign-on functionality for end users.
Providers and Method
The authentication engine in the application is driven through two key aspects: provider and method. The two settings are largely independent of each other:
- Authentication Method means the process used to verify the identity of a user, device, or system when they log in.
- Authentication Provider refers to the technology that houses user IDs and passwords that will be used to check the credentials of users logging into the platform.
Authentication Methods
Pyramid supports various authentication methods, which are generally unrelated to the provider chosen. These include forms authentication, basic authentication, Windows authentication and programmatic authentication (via API).
When the platform is initially installed, forms authentication is deployed by default. After launch, admins can change the method as needed.
Windows authentication is usually only operational with Microsoft IDP technologies.
- Click here for details about authentication method configuration.
Authentication Providers
Pyramid supports four types of authentication providers: one internal ("database") and three external (LDAP, SAML and OpenID). For the external options, specific vendors are supported as well as "generic" options. The external options all require specific configurations to be operational. Many also support user provisioning, which allows for deeper integration between Pyramid and the IDP.
Internal Database IDP
By default, Pyramid is installed with internal database authentication, which requires little configuration. An initial user is created with enterprise administrative rights during the installation of the platform using the user ID and password supplied.
External IDPs
Admins can switch to an external identity provider (IDP) for authentication. These cover various technologies and vendors:
- LDAP: Microsoft Active Directory, Azure Active Directory, OpenLDAP
- SAML: Azure, Okta, Ping, Google, AWS, MS Active Directory Federated Services
- OpenID: Azure, Okta, Ping, Google
Both SAML and OpenID also have "generic" options for vendors not explicitly supported.
Note: External authentication providers are not available in the Community Edition.
- Click here for more details on setting up and switching providers (both internal and external)