Authentication of users

In the Security Groups application, you can set up authentication to validate the identity of a user. Authentication is the process of validating the identity of a user through a user ID and a password.

You can authenticate users through the following methods:

Authenticating using LDAP

You can use application server security with an external authentication mechanism, such as LDAP, to authenticate users.

The system is built with Java™ 2 Platform, Enterprise Edition (J2EE) technology. This technology requires a commercial application server. The system uses WebSphere® Application Server or WebLogic Server. By default, WebSphere Application Server security is enabled.

Authenticating using LDAP with Virtual Member Manager

You can authenticate users against LDAP using Windows Server Active Directory and Virtual Member Manager.

When you configure the application server to authenticate against Active Directory, you create and manage users in the LDAP directory server. The Virtual Member Manager cron task updates the database when users, groups, and group membership are changed in the directory server. When users and groups are deleted from Active Directory, they are not deleted from the database, because these records could be needed for auditing purposes.

You can also configure the system to populate person, user, and group information from the external directory. The system currently supports synchronization of information from Microsoft Active Directory. Synchronization with other directories is possible, but is not supported as a standard feature and can require programming to configure.

Both WebLogic Server and IBM® WebSphere Application Server support authentication against Windows Server Active Directory.
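Because users deleted from the directory remain in the database, a periodic reconciliation helps show which database records no longer have a directory entry. The following is an added example, not code from the product: the field names, status values, and sample records are assumptions constructed for illustration.

```python
"""Reconcile database user records against a directory export (added example)."""

# Constructed sample data. Field names and status values are assumptions,
# not the product's schema.
DIRECTORY_LOGINS = {"asmith", "bjones", "cwu"}
DB_USERS = [
    {"login_id": "ASmith", "status": "ACTIVE"},
    {"login_id": "bjones", "status": "ACTIVE"},
    {"login_id": "dlee", "status": "ACTIVE"},      # no longer in the directory
    {"login_id": "epatel", "status": "INACTIVE"},  # no longer in the directory
]


def reconcile(directory_logins, db_users):
    """Compare directory logins with database user records.

    Login IDs are compared case-insensitively, because Active Directory
    account names are not case-sensitive.
    """
    directory = {login.casefold() for login in directory_logins}
    database = {user["login_id"].casefold(): user for user in db_users}
    report = {"needs_review": [], "retained_for_audit": [], "not_yet_synced": []}

    for key, user in database.items():
        if key in directory:
            continue
        # The record outlived its directory entry. That is expected, since
        # records are kept for auditing; flag it if it is still marked active.
        active = user["status"].upper() == "ACTIVE"
        bucket = "needs_review" if active else "retained_for_audit"
        report[bucket].append(user["login_id"])

    # Directory entries that the synchronization task has not yet copied.
    report["not_yet_synced"] = sorted(directory.difference(database))
    return report


if __name__ == "__main__":
    for bucket, logins in reconcile(DIRECTORY_LOGINS, DB_USERS).items():
        print(f"{bucket}: {', '.join(logins) or '-'}")
```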

Authenticating using a Web client server for native authentication

You can use the native authentication provided with the system to authenticate users and verify their identity and security authorizations.

When a user provides a login ID and password, the security functions validate whether the user ID and password are in the database. The user is granted access to applications, actions, and data based on the security groups with which their user ID is associated.

In addition, the security services perform the following actions at startup:
  • Verify if the login ID is blocked or inactive.
  • Authenticate the login ID and update password history.
  • Establish the default insert site, organization, and person ID for the user.
  • Establish the language, locale, time zone, and start center ID for the user.
  • Route any workflow assignments to the inbox for the user.

