
Authentication Type | Authentication Principle | Description

Database Credentials

Form-based

Database Credentials authenticates the user with a user name and password that is maintained in the system database. The password hashes are managed securely in the database. When the Database Credentials authentication method is used, password and account locking policies are also managed within the system.

For more information, see Password and user lockout policy.

Windows Active Directory (LDAP)

Form-based

Windows Active Directory (LDAP) authentication uses a simple bind authentication process. The user is identified by Active Directory, and the proof of identity comes in the form of a password. When a more secure method is required, Secure LDAP (SLDAP) can be used.

To configure this authentication mode, see Identity provider - Active Directory.

Windows Active Directory Federation Service (ADFS)

Federated

Windows Active Directory Federation Service (ADFS) authentication is an OpenID Connect (OIDC) based authentication method. OIDC is an authentication method where the user's credentials are held with a third-party identity provider (ADFS) and not within the system. The system verifies the user's identity based on a simple JSON-based identity token, which is delivered on top of the OAuth protocol.

To configure this authentication mode, see Identity provider - Active Directory Federation Services.

Microsoft Entra ID (formerly Azure Active Directory (AAD))

Federated

Microsoft Entra ID (formerly Azure Active Directory (AAD)) authentication is an OpenID Connect (OIDC) based authentication method. OIDC is an authentication method where the user's credentials are held with a third-party identity provider (Microsoft Entra ID) and not within the system. The system verifies the user's identity based on a simple JSON-based identity token, which is delivered on top of the OAuth protocol.

To configure this authentication mode, see Identity provider - Microsoft Entra ID (formerly Azure Active Directory).

Integrated Windows Authentication (IWA)

Federated

Integrated Windows Authentication (IWA) allows users, once they have signed in to Windows, to automatically log in to the system. Password verification takes place during Windows sign-in. Upon success, a Kerberos ticket is generated. When the user is authenticated by the system, the Kerberos ticket is validated.

To configure this authentication mode, see Identity provider - Integrated Windows Authentication.

JSON Web Token (JWT)

Federated

The system can be integrated with customer applications via JSON Web Token (JWT) based authentication to provide a seamless single sign-on login experience. Authentication and password verification take place when the user signs in to the client application. The system verifies the user's identity based on the information presented in the JWT.

To configure this authentication mode, see Identity provider - JSON Web Token.

Reverse Proxy

Federated

Reverse proxy based authentication allows users, once they have authenticated with an authentication server through the proxy, to automatically log in to the system. The system verifies the user's identity based on the information presented in the request from the proxy.

To configure this authentication mode, see Identity provider - Reverse proxy.

OpenID Connect

Federated

OpenID Connect is an open standard identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to verify the identity of the end user and to obtain basic user profile information. The Verba system only utilizes the Login ID of the authenticated user. Verba supports the Authorization Code Flow.

To configure this authentication mode, see Identity provider - OpenID Connect.

SAML

Federated

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

To configure this authentication mode, see Identity provider - SAML.

The authentication process is implemented in the Web Application component installed on the Media Repository / Application Server role.
