IVS Wiki:User Management

From IVS Wiki
Jump to: navigation, search

VALT Authentication Methods – Feature Overview

VALT supports three authentication types:

  1. Local Accounts
  2. Active Directory (AD/LDAP)
  3. SAML/Single Sign-On (SSO).


Below, we’ve broken down the key differences and considerations into categories like Management, Scalability, Reliability, and Security to help guide your decision.


Management & Admin Control

Ease of Setup (Initial Configuration)

Local: Easy to set up. Admins can create accounts directly in VALT with no external dependencies. AD / SSO: Requires IT involvement for initial configuration (e.g., networking, mappings, certificates).


Ease of Ongoing User Management

Local: Admins manage users, passwords, and groups within VALT. Great for hands-on control but becomes tedious at scale. AD / SSO: User updates are handled in external systems. Changes are centralized but require coordination with IT.


Group Management Within VALT

Local: Full manual control—admins can create groups and assign users directly. AD / SSO: Group membership is controlled externally. VALT reads and enforces group assignments from AD or the SSO provider.


Test Account Creation

Local: Admins can create test users easily for troubleshooting or permission checks. AD / SSO: Test accounts require setup in the external system (or can't exist without real credentials), making this harder.


⇧ Back to Top


Scalability & Flexibility

Scalability for Larger Orgs

Local: Not scalable. Every account must be added and maintained manually. AD / SSO: Designed to scale. Easily supports hundreds or thousands of users by syncing existing data from your org’s directory.


Use of Existing Org Logins

Local: Requires unique credentials for VALT. AD / SSO: Reuses org credentials, reducing password fatigue and support tickets.


Custom Attributes & Extended Info

AD / SSO: Can pull in extra user info (e.g., department, title) from the directory for reporting or automation. Local: Limited to basic user info.


⇧ Back to Top


Security & Access Control

Password Management

Local: Admins reset passwords manually. AD / SSO: Passwords are managed externally; changes apply instantly to VALT access.


Just-in-Time Provisioning (SSO only)

SSO: VALT creates the user account upon first login based on info provided by the Identity Provider. Admins don’t need to pre-create users.


Access Deactivation

AD / SSO: Disable access centrally by removing the user from the appropriate group—no need to log into VALT. Local: Must manually delete or deactivate the user in VALT.


⇧ Back to Top


Reliability & Dependencies

Reliance on External Systems

Local: Independent. VALT access continues even if external systems (AD or SSO) are down. AD / SSO: VALT access depends on the availability of external authentication systems.


Network Requirements

AD: Requires specific firewall rules and network connectivity to the LDAP server. SSO: No special network setup needed—authentication happens in the browser.


SSO Requirements

SSO: Needs SSL certificates and accurate time-syncing (NTP). These are standard in most enterprise environments.