Difference between revisions of "Authentication Workflows"

From IVS Wiki
Jump to: navigation, search
Line 28: Line 28:
 
<h2>SSO Authentication</h2>
 
<h2>SSO Authentication</h2>
 
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
 
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
 
  
 
*VALT uses Just-In-Time (JIT) Provisioning.
 
*VALT uses Just-In-Time (JIT) Provisioning.
**Users are assigned to groups each time they log in, based on the group membership attribute being passed
+
**Users are reevaluated and assigned to groups each time they log in, based on the [[SAML Check List#User_Mapping | group membership attribute]] being passed.
 
*If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access
 
*If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access
 
*If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in
 
*If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in

Revision as of 15:41, 27 March 2024

Authentication Workflows

There are three different authentication methods that can be used for VALT:

  • Local Authentication
  • LDAP Authentication
  • SSO Authentication


Local Authentication

Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a list.

Auth local.jpg


LDAP Authentication

LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.

Auth ldap.jpg


SSO Authentication

SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.

  • VALT uses Just-In-Time (JIT) Provisioning.
  • If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access
  • If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in

SSO Flow Chart.png