Info |
---|
This article includes updates for Smart ID 23.04.13. |
...
Authentication profile | Authentication / Login mechanism | User / Principal | Authorization / Roles / Permissions |
---|---|---|---|
Internal In the runtime system (Identity Manager Operator and Smart ID Self-Service), this profile type is not recommended for production. Usually, the administrator of Identity Manager Admin has an internal account. | Login with username and password based on internal user table | Username | Roles from internal roles table |
LDAP | External login mechanism based on LDAP | DN from LDAP configuration | Group membership in LDAP directory is mapped to internal roles |
LDAP Core Object | External login mechanism based on LDAP | DN from LDAP configuration | Internal roles mapped to core objects |
Client Certificate and LDAP | Client certificate login based on LDAP | Configured attribute in certificate | Group membership in LDAP directory is mapped to internal roles |
Client Certificate Internal In the runtime system (Identity Manager Operator and Smart ID Self-Service), this profile type is not recommended for production. | Client certificate login based on internal user | Configured attribute in certificate | Roles from internal roles table |
Client Certificate Core Object | Client certificate login based on Core Objects | Configured attribute in certificate | Internal roles mapped to core objects |
Smart Card and Core Object This authentication profile is deprecated, but can still be used for older versions of Identity Manager. From PRIME 3.9, use Client Certificate Core Object. | Smart card certificate | Configured attribute in certificate | Internal roles mapped to core objects |
Username and Password Core Object | Login with username and password based on core objects | Username | Internal roles mapped to core objects |
SAML SSO Core Object (*) | External login with SAML SSO | Configured attribute in SAML token | Internal roles mapped to core objects |
SAML SSO LDAP (*) | External login with SAML SSO. | Configured attribute in SAML token | Group membership in LDAP directory is mapped to internal roles |
SAML SSO Group (*) | External login with SAML SSO. | Configured attribute in SAML token | Configured attribute in SAML token |
...
Expand | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||
|
...
Expand | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||
|
...
Expand | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
|
...
Expand | ||
---|---|---|
| ||
|
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
...
Expand | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||
|
Expand | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
|
Expand | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||
This authentication profile analyzes the SAML response only to determine the user's roles after a successful login. The administrator has to configure the attribute which will be read/parsed from the SAML response.
|
Configure post-login process
Expand | ||
---|---|---|
| ||
In order for a process to be started after you login in Identity Manager Operator and Self-Service (if applicable), the process must end with the service task "Login - Finalize post-login process", see Login - Standard service tasks in Identity Manager. The post-login process is available for all authentication profiles.
When you configure a post-login process for an authentication profile which is core object based (that is: Username with Password Core Object, Client Certificate Core Object, LDAP Core Object and SAML SSO Core Object), add the process for each core template with which it should be used, as additional command.
|
Tenant ID settings
Expand | ||
---|---|---|
| ||
To validate the tenant id, use the property
|
Expand | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
If you use the correct URL, the desired authentication method can be called directly. You must give a valid tenant ID, the language will depend on browser language. For more information about the authentication methods, see Identity Manager Operator. Call authentication method "Certificate" directly
Call authentication method "SAML" directly
|
...
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Expand | ||
---|---|---|
| ||
|
...