Set up authentication profile in Identity Manager
This article includes updates for Smart ID 23.10.5.
This article describes authentication profiles in Smart ID Identity Manager and how to configure the profiles. Authentication profiles are used to define how users can gain access to Identity Manager and what they gain access to.
Authentication is done in two steps:

1. Authentication: log in with a certain user credential. The user is extracted from the credential depending on the authentication type.
2. Authorization: after successful authentication, the roles assigned to the user are determined depending on the authentication type.
The following authentication profiles are available:
Authentication profile | Authentication / Login mechanism | User / Principal | Authorization / Roles / Permissions |
---|---|---|---|
Internal (in the runtime system, i.e. Identity Manager Operator and Smart ID Self-Service, this profile type is not recommended for production; usually the administrator of Identity Manager Admin has an internal account) | Login with username and password based on internal user table | Username | Roles from internal roles table |
LDAP | External login mechanism based on LDAP | DN from LDAP configuration | Group membership in LDAP directory is mapped to internal roles |
LDAP Core Object | External login mechanism based on LDAP | DN from LDAP configuration | Internal roles mapped to core objects |
Client Certificate and LDAP | Client certificate login based on LDAP | Configured attribute in certificate | Group membership in LDAP directory is mapped to internal roles |
Client Certificate Internal (in the runtime system, i.e. Identity Manager Operator and Smart ID Self-Service, this profile type is not recommended for production) | Client certificate login based on internal user | Configured attribute in certificate | Roles from internal roles table |
Client Certificate Core Object | Client certificate login based on Core Objects | Configured attribute in certificate | Internal roles mapped to core objects |
Smart Card and Core Object (deprecated, but can still be used for older versions of Identity Manager; from PRIME 3.9, use Client Certificate Core Object instead) | Smart card certificate | Configured attribute in certificate | Internal roles mapped to core objects |
Username and Password Core Object | Login with username and password based on core objects | Username | Internal roles mapped to core objects |
SAML SSO Core Object (*) | External login with SAML SSO | Configured attribute in SAML token | Internal roles mapped to core objects |
SAML SSO LDAP (*) | External login with SAML SSO | Configured attribute in SAML token | Group membership in LDAP directory is mapped to internal roles |
SAML SSO Group (*) | External login with SAML SSO | Configured attribute in SAML token | Configured attribute in SAML token |
(*) For SAML, an extra layer of security is added by limiting the role assignment based on authentication method. For more information, see the instructions for SAML SSO Core Object, SAML SSO LDAP, and SAML SSO Group profiles below.
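As an added illustration (not Identity Manager code), the following Python model runs the two steps described above for three of the profile types in the table: Internal, Client Certificate and LDAP, and SAML SSO LDAP. The user stores, the attribute names (CN, uid, authnMethod) and the SAML role-to-method rule are constructed assumptions, and certificate chain checks and SAML assertion validation are assumed to have happened before this point.

```python
import hmac
# Constructed sample stores standing in for the internal user/role tables, an
# LDAP directory (principal -> group DNs) and the group-to-internal-role mapping.
INTERNAL_USERS = {"admin": {"password": "s3cret", "roles": ["ADMIN"]}}
LDAP_GROUPS = {"alice": ["cn=operators,ou=groups,dc=example,dc=com"]}
GROUP_TO_ROLE = {"cn=operators,ou=groups,dc=example,dc=com": "OPERATOR"}
# Assumed names of the "configured attribute" for certificate and SAML profiles.
CERT_PRINCIPAL_ATTR, SAML_PRINCIPAL_ATTR = "CN", "uid"
# Hypothetical SAML rule: a role is assigned only when the IdP reports this method.
SAML_ROLE_METHOD = {"OPERATOR": "X509"}

# Step 1 (authentication): credential -> principal, or None if not accepted.
# A credential is a dict {"kind": "password"|"certificate"|"saml", "attrs": {...}}.
def _internal_password(cred):
    user = INTERNAL_USERS.get(cred["attrs"].get("username", ""))
    if cred["kind"] == "password" and user and hmac.compare_digest(
            user["password"], cred["attrs"].get("password", "")):
        return cred["attrs"]["username"]
    return None
def _cert_attribute(cred):
    # Chain and revocation checks are assumed to have happened in the TLS layer.
    return cred["attrs"].get(CERT_PRINCIPAL_ATTR) if cred["kind"] == "certificate" else None
def _saml_attribute(cred):
    # Assertion signature and audience checks are assumed done by the SAML stack.
    return cred["attrs"].get(SAML_PRINCIPAL_ATTR) if cred["kind"] == "saml" else None

# Step 2 (authorization): (principal, credential) -> list of internal roles.
def _internal_roles(principal, cred):
    return list(INTERNAL_USERS[principal]["roles"])

def _ldap_group_roles(principal, cred):
    return [GROUP_TO_ROLE[g] for g in LDAP_GROUPS.get(principal, []) if g in GROUP_TO_ROLE]

def _saml_ldap_roles(principal, cred):
    # The SAML profiles' extra layer: keep a role only if the assertion's
    # authentication method matches the method that role requires.
    method = cred["attrs"].get("authnMethod")
    return [r for r in _ldap_group_roles(principal, cred)
            if SAML_ROLE_METHOD.get(r, method) == method]

PROFILES = {
    "Internal": (_internal_password, _internal_roles),
    "Client Certificate and LDAP": (_cert_attribute, _ldap_group_roles),
    "SAML SSO LDAP": (_saml_attribute, _saml_ldap_roles),
}

def login(profile, cred):
    # Run both steps; returns (principal, roles), or None when authentication fails.
    extract, resolve = PROFILES[profile]
    principal = extract(cred)
    return None if principal is None else (principal, resolve(principal, cred))
```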
Prerequisites
Step-by-step instruction
Configure profile types
The configuration of authentication profiles differs between profile types. Find your selected authentication profile type below and follow the instructions to set up the configuration.
Configure post-login process
Tenant ID settings
Configure Smart ID Self-Service login page
Configure Identity Manager Operator login page
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.