Difference between revisions of "Authentication Workflows"
IVSWikiBlue (talk | contribs) |
IVSWikiBlue (talk | contribs) |
||
| Line 28: | Line 28: | ||
<h2>SSO Authentication</h2> | <h2>SSO Authentication</h2> | ||
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT. | SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT. | ||
| − | |||
*VALT uses Just-In-Time (JIT) Provisioning. | *VALT uses Just-In-Time (JIT) Provisioning. | ||
| − | **Users are assigned to groups each time they log in, based on the group membership attribute being passed | + | **Users are reevaluated and assigned to groups each time they log in, based on the [[SAML Check List#User_Mapping | group membership attribute]] being passed. |
*If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access | *If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access | ||
*If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in | *If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in | ||
Revision as of 15:41, 27 March 2024
Contents
Authentication Workflows
There are three different authentication methods that can be used for VALT:
- Local Authentication
- LDAP Authentication
- SSO Authentication
Local Authentication
Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a list.
LDAP Authentication
LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.
SSO Authentication
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
- VALT uses Just-In-Time (JIT) Provisioning.
- Users are reevaluated and assigned to groups each time they log in, based on the group membership attribute being passed.
- If a user does NOT have a user mapping associated with their account, user gets moved to "Users without Group" and has restricted access
- If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in
