Authentication

Authentication means validating the identify of a user who is trying to access an instance, and then authorizing the user to access features that match the user's role or job function.

Available authentication methods

You can use several different methods to authenticate users. User credentials are matched to different saved credentials for each method.

Table 1. Authentication methods
Authentication methods Description
Local database The user name and password in their user record in the instance database.
Multifactor The user name and password in the database and a passcode sent to the user's mobile device that has Google Authenticator installed. See Multifactor authentication.
LDAP The user name and password in their LDAP account, which has a matching user account in the database. See LDAP integration.
SAML The user name and password configured in a SAML identity provider account, which has a matching user account in the database. See SAML 2.0.
OAuth 2.0 The user name and password of OAuth identity provider, which has a matching user account in the database. See OAuth 2.0.
Digest Token An encrypted digest of the user name and password in the user record. See Digest token authentication.

Multiple Provider SSO allows you to choose use several identity providers (IdPs) to manage authentication as well as retain local database authentication. You can use SAML and Digest Authentication through the Multiple Provider SSO application.

Tips for choosing an authentication method

  • Development environments can use the instance's database credentials to speed up the development of new features.
  • Customers who manage their users with existing LDAP or identity providers should use a matching authentication method.