Difference between revisions of "Authentication Workflows"
IVSWikiBlue (talk | contribs) |
IVSWikiBlue (talk | contribs) |
||
| (16 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
__TOC__ | __TOC__ | ||
{{Article | title = Authentication Workflows | content = | {{Article | title = Authentication Workflows | content = | ||
| + | <onlyinclude> | ||
There are three different authentication methods that can be used for VALT: | There are three different authentication methods that can be used for VALT: | ||
<b> | <b> | ||
| − | *Local | + | *Local Authentication |
| − | *LDAP | + | *LDAP Authentication |
| − | *SSO | + | *SSO Authentication |
</b> | </b> | ||
| − | + | {{hr}} | |
| − | |||
| − | |||
<h2>Local Authentication</h2> | <h2>Local Authentication</h2> | ||
Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a [[Importing_Users_from_a_file|list]]. | Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a [[Importing_Users_from_a_file|list]]. | ||
| − | {{img - | + | {{img - resize | file = auth_local.jpg}} |
| − | + | {{hr}} | |
<h2>LDAP Authentication</h2> | <h2>LDAP Authentication</h2> | ||
LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group. | LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group. | ||
| − | {{img - | + | {{img - resize | file = auth_ldap.jpg}} |
| − | + | {{hr}} | |
<h2>SSO Authentication</h2> | <h2>SSO Authentication</h2> | ||
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT. | SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT. | ||
| − | {{img - | + | *VALT's SSO uses <b>Just-In-Time (JIT) Provisioning</b>. |
| + | **<em>Users are reevaluated and assigned to groups each time they log in, based on a [[Single_Sign-On_(SSO)#User_Mapping | group membership]] attribute being passed.</em> | ||
| + | *If a user does <u>NOT</u> have a user mapping associated with their account, the user gets moved to "<b>Users without Group</b>" and has restricted access. | ||
| + | *If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in. | ||
| + | **<em>Correct mapping is based on the SSO mapping created in VALT and the attribute/pair value being passed from the IdP.</em> | ||
| + | |||
| + | {{hr - 2}} | ||
| + | |||
| + | {{img - resize | file = SSO Flow Chart.png}} | ||
| + | |||
| + | </onlyinclude> | ||
| + | |||
| + | {{hr}} | ||
| + | |||
| + | [[VALT SSO| ⤺ Back to VALT SSO Main Page]] | ||
}} | }} | ||
Latest revision as of 15:13, 1 April 2024
Contents
Authentication Workflows
There are three different authentication methods that can be used for VALT:
- Local Authentication
- LDAP Authentication
- SSO Authentication
Local Authentication
Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a list.
LDAP Authentication
LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.
SSO Authentication
SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.
- VALT's SSO uses Just-In-Time (JIT) Provisioning.
- Users are reevaluated and assigned to groups each time they log in, based on a group membership attribute being passed.
- If a user does NOT have a user mapping associated with their account, the user gets moved to "Users without Group" and has restricted access.
- If a user's user mapping changes, they will be moved to the correct group upon their next SSO sign-in.
- Correct mapping is based on the SSO mapping created in VALT and the attribute/pair value being passed from the IdP.
⤺ Back to VALT SSO Main Page
