In the Security Groups application, you can set up authentication to validate the identity of a user. Authentication is the process of validating the identity of a user through a user ID and a password.
You can use application server security with an external authentication mechanism, such as LDAP, to authenticate users. The system uses application server security with an external authentication mechanism.
The system is built with Java™ 2 Platform, Enterprise Edition (J2EE) technology. This technology requires a commercial application server. The system uses WebSphere® Application Server or WebLogic Server. By default, WebSphere Application Server security is enabled.
You can authenticate users against LDAP using Windows Server Active Directory and Virtual Member Manager.
When you configure the application server to authenticate against an active directory, you create and manage users in the LDAP directory server. The Virtual Member Manager cron task updates the database when users, groups, and group membership are changed in the directory server. When users and groups are deleted from the active directory, they are not deleted from the database. This occurs because these records could be needed for auditing purposes.
You can also configure the system to populate person, user, and group information from the external directory. The system currently supports synchronization of information from Microsoft Active Directory. Synchronization with other directories is possible, but is not supported as a standard feature and can require programming to configure.
Both WebLogic Server and IBM® WebSphere Application Server support authentication against Windows Server Active Directory.
You can use the native authentication provided with the system to authenticate users and verify their identity and security authorizations.
When a user provides a login ID and password, the security functions validate whether the user ID and password are in the database. The user is granted access to applications, actions, and data based on the security groups with which their user ID is associated.