Difference between revisions of "Authentication Workflows"

From IVS Wiki
Jump to: navigation, search
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
__TOC__
 
{{Article | title = Authentication Workflows | content =
 
{{Article | title = Authentication Workflows | content =
 +
<onlyinclude>
 
There are three different authentication methods that can be used for VALT:  
 
There are three different authentication methods that can be used for VALT:  
  
 
<b>
 
<b>
*Local Accounts
+
*Local Authentication
*LDAP/LDAPS Integration
+
*LDAP Authentication
*SSO Integration
+
*SSO Authentication
 
</b>
 
</b>
  
Any combination of these can be implemented and used at the same time.
+
{{hr}}
 
 
<hr>
 
  
 
<h2>Local Authentication</h2>
 
<h2>Local Authentication</h2>
 
Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a [[Importing_Users_from_a_file|list]].
 
Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a [[Importing_Users_from_a_file|list]].
  
{{img - no_click | file = auth_local.jpg}}
+
{{img - resize | file = auth_local.jpg}}
  
<hr>
+
{{hr}}
  
 
<h2>LDAP Authentication</h2>
 
<h2>LDAP Authentication</h2>
 
LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.
 
LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.
  
{{img - no_click | file = auth_ldap.jpg}}
+
{{img - resize | file = auth_ldap.jpg}}
  
<hr>
+
{{hr}}
  
 
<h2>SSO Authentication</h2>
 
<h2>SSO Authentication</h2>
 
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
 
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
  
{{img - no_click | file = SSO Flow Chart.png}}
+
*VALT's SSO uses <b>Just-In-Time (JIT) Provisioning</b>.
 +
**<em>Users are reevaluated and assigned to groups each time they log in, based on a [[Single_Sign-On_(SSO)#User_Mapping | group membership]] attribute being passed.</em>
 +
*If a user does <u>NOT</u> have a user mapping associated with their account, the user gets moved to "<b>Users without Group</b>" and has restricted access.
 +
*If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in.
 +
**<em>Correct mapping is based on the SSO mapping created in VALT and the attribute/pair value being passed from the IdP.</em>
 +
 
 +
{{hr - 2}}
 +
 
 +
{{img - resize | file = SSO Flow Chart.png}}
 +
 
 +
</onlyinclude>
 +
 
 +
{{hr}}
 +
 
 +
[[VALT SSO| &#x293A; Back to VALT SSO Main Page]]
 
}}
 
}}

Latest revision as of 14:13, 1 April 2024

Authentication Workflows

There are three different authentication methods that can be used for VALT:

  • Local Authentication
  • LDAP Authentication
  • SSO Authentication


Local Authentication

Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a list.

Auth local.jpg


LDAP Authentication

LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.

Auth ldap.jpg


SSO Authentication

SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.

  • VALT's SSO uses Just-In-Time (JIT) Provisioning.
    • Users are reevaluated and assigned to groups each time they log in, based on a group membership attribute being passed.
  • If a user does NOT have a user mapping associated with their account, the user gets moved to "Users without Group" and has restricted access.
  • If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in.
    • Correct mapping is based on the SSO mapping created in VALT and the attribute/pair value being passed from the IdP.

SSO Flow Chart.png



⤺ Back to VALT SSO Main Page