Navigation:  »No topics above this level«

Configuring authentication in a directory service

 Previous  Top  Next

SE Suite offers three forms of authentication in a directory service: NTLMv2, LDAP and SAML 2.0.

 

Authentication modes that make use of the directory service can be classified into two groups:

Informing User and Password (NTLM and LDAP): These authentication modes are recommended in cases where the authentication server and SE Suite are within the same domain, without the need for external authentication. With LDAP, communication can be considered simpler and less secure compared to NTLM v2 and SAML 2.0. It is not recommended using these options in cases where SE Suite is running in an environment external to the authentication server, such as a cloud server.

Using network credentials (SAML): Single Sign-On unifies the credentials on the authentication server and makes authentication more secure and handy for users synchronized with the directory service. However, this authentication type requires a previously configured infrastructure. The system supports the following protocol for Single Sign-On:

oSAM 2.0: This protocol is recommended when the SE Suite server is running outside the authentication server domain, such as in cases where the system is hosted on a cloud server or when there is simply a need to use a federated identity.

 

It is allowed to use the two groups together, selecting only one option each.

The "Internal" authentication mode does not use the credentials maintained by the directory service, only the password defined in the user record directly in SE Suite.