Difference between revisions of "IVS Wiki:User Management"
IVSWikiBlue (talk | contribs) (Created page with "{{Article - Manual | content = <h1>VALT Authentication Methods – Feature Overview</h1> VALT supports three authentication types: #Local Accounts #Active Directory (AD/LDAP...") |
IVSWikiBlue (talk | contribs) |
||
| Line 8: | Line 8: | ||
Below, we’ve broken down the key differences and considerations into categories like Management, Scalability, Reliability, and Security to help guide your decision. | Below, we’ve broken down the key differences and considerations into categories like Management, Scalability, Reliability, and Security to help guide your decision. | ||
| + | |||
| + | {{hr}} | ||
{{Manual lvl 2 | title = Management & Admin Control | content = }} | {{Manual lvl 2 | title = Management & Admin Control | content = }} | ||
| Line 14: | Line 16: | ||
AD / SSO: Requires IT involvement for initial configuration (e.g., networking, mappings, certificates). | AD / SSO: Requires IT involvement for initial configuration (e.g., networking, mappings, certificates). | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Ease of Ongoing User Management | content = | {{Manual lvl 3 | title = Ease of Ongoing User Management | content = | ||
| Line 19: | Line 23: | ||
AD / SSO: User updates are handled in external systems. Changes are centralized but require coordination with IT. | AD / SSO: User updates are handled in external systems. Changes are centralized but require coordination with IT. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Group Management Within VALT | content = | {{Manual lvl 3 | title = Group Management Within VALT | content = | ||
| Line 24: | Line 30: | ||
AD / SSO: Group membership is controlled externally. VALT reads and enforces group assignments from AD or the SSO provider. | AD / SSO: Group membership is controlled externally. VALT reads and enforces group assignments from AD or the SSO provider. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Test Account Creation | content = | {{Manual lvl 3 | title = Test Account Creation | content = | ||
| Line 29: | Line 37: | ||
AD / SSO: Test accounts require setup in the external system (or can't exist without real credentials), making this harder. | AD / SSO: Test accounts require setup in the external system (or can't exist without real credentials), making this harder. | ||
}} | }} | ||
| + | |||
| + | |||
| + | {{Top of Page}} | ||
| + | {{hr}} | ||
{{Manual lvl 2 | title = Scalability & Flexibility | content = }} | {{Manual lvl 2 | title = Scalability & Flexibility | content = }} | ||
| Line 35: | Line 47: | ||
AD / SSO: Designed to scale. Easily supports hundreds or thousands of users by syncing existing data from your org’s directory. | AD / SSO: Designed to scale. Easily supports hundreds or thousands of users by syncing existing data from your org’s directory. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Use of Existing Org Logins | content = | {{Manual lvl 3 | title = Use of Existing Org Logins | content = | ||
| Line 40: | Line 54: | ||
AD / SSO: Reuses org credentials, reducing password fatigue and support tickets. | AD / SSO: Reuses org credentials, reducing password fatigue and support tickets. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Custom Attributes & Extended Info | content = | {{Manual lvl 3 | title = Custom Attributes & Extended Info | content = | ||
| Line 45: | Line 61: | ||
Local: Limited to basic user info. | Local: Limited to basic user info. | ||
}} | }} | ||
| + | |||
| + | |||
| + | {{Top of Page}} | ||
| + | {{hr}} | ||
{{Manual lvl 2 | title = Security & Access Control | content = }} | {{Manual lvl 2 | title = Security & Access Control | content = }} | ||
| Line 51: | Line 71: | ||
AD / SSO: Passwords are managed externally; changes apply instantly to VALT access. | AD / SSO: Passwords are managed externally; changes apply instantly to VALT access. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Just-in-Time Provisioning (SSO only) | content = | {{Manual lvl 3 | title = Just-in-Time Provisioning (SSO only) | content = | ||
| Line 56: | Line 78: | ||
}} | }} | ||
| − | {{Manual lvl | + | {{hr - 2}} |
| + | |||
| + | {{Manual lvl 3 | title = Access Deactivation | content = | ||
AD / SSO: Disable access centrally by removing the user from the appropriate group—no need to log into VALT. | AD / SSO: Disable access centrally by removing the user from the appropriate group—no need to log into VALT. | ||
Local: Must manually delete or deactivate the user in VALT. | Local: Must manually delete or deactivate the user in VALT. | ||
}} | }} | ||
| + | |||
| + | |||
| + | {{Top of Page}} | ||
| + | {{hr}} | ||
{{Manual lvl 2 | title = Reliability & Dependencies | content = }} | {{Manual lvl 2 | title = Reliability & Dependencies | content = }} | ||
| Line 66: | Line 94: | ||
AD / SSO: VALT access depends on the availability of external authentication systems. | AD / SSO: VALT access depends on the availability of external authentication systems. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = Network Requirements | content = | {{Manual lvl 3 | title = Network Requirements | content = | ||
| Line 71: | Line 101: | ||
SSO: No special network setup needed—authentication happens in the browser. | SSO: No special network setup needed—authentication happens in the browser. | ||
}} | }} | ||
| + | |||
| + | {{hr - 2}} | ||
{{Manual lvl 3 | title = SSO Requirements | content = | {{Manual lvl 3 | title = SSO Requirements | content = | ||
Latest revision as of 14:32, 25 March 2025
VALT Authentication Methods – Feature Overview
VALT supports three authentication types:
- Local Accounts
- Active Directory (AD/LDAP)
- SAML/Single Sign-On (SSO).
Below, we’ve broken down the key differences and considerations into categories like Management, Scalability, Reliability, and Security to help guide your decision.
Management & Admin Control
Ease of Setup (Initial Configuration)
Local: Easy to set up. Admins can create accounts directly in VALT with no external dependencies. AD / SSO: Requires IT involvement for initial configuration (e.g., networking, mappings, certificates).
Ease of Ongoing User Management
Local: Admins manage users, passwords, and groups within VALT. Great for hands-on control but becomes tedious at scale. AD / SSO: User updates are handled in external systems. Changes are centralized but require coordination with IT.
Group Management Within VALT
Local: Full manual control—admins can create groups and assign users directly. AD / SSO: Group membership is controlled externally. VALT reads and enforces group assignments from AD or the SSO provider.
Test Account Creation
Local: Admins can create test users easily for troubleshooting or permission checks. AD / SSO: Test accounts require setup in the external system (or can't exist without real credentials), making this harder.
Scalability & Flexibility
Scalability for Larger Orgs
Local: Not scalable. Every account must be added and maintained manually. AD / SSO: Designed to scale. Easily supports hundreds or thousands of users by syncing existing data from your org’s directory.
Use of Existing Org Logins
Local: Requires unique credentials for VALT. AD / SSO: Reuses org credentials, reducing password fatigue and support tickets.
Custom Attributes & Extended Info
AD / SSO: Can pull in extra user info (e.g., department, title) from the directory for reporting or automation. Local: Limited to basic user info.
Security & Access Control
Password Management
Local: Admins reset passwords manually. AD / SSO: Passwords are managed externally; changes apply instantly to VALT access.
Just-in-Time Provisioning (SSO only)
SSO: VALT creates the user account upon first login based on info provided by the Identity Provider. Admins don’t need to pre-create users.
Access Deactivation
AD / SSO: Disable access centrally by removing the user from the appropriate group—no need to log into VALT. Local: Must manually delete or deactivate the user in VALT.
Reliability & Dependencies
Reliance on External Systems
Local: Independent. VALT access continues even if external systems (AD or SSO) are down. AD / SSO: VALT access depends on the availability of external authentication systems.
Network Requirements
AD: Requires specific firewall rules and network connectivity to the LDAP server. SSO: No special network setup needed—authentication happens in the browser.
SSO Requirements
SSO: Needs SSL certificates and accurate time-syncing (NTP). These are standard in most enterprise environments.
