Overview
This page outlines the various authentication mechanisms supported by Unimarket.
At a high level there are two broad categories of authentication:
-
Username / Password Authentication
-
Standard Unimarket Authentication
-
Active Directory Authentication
-
Unimarket integrated username/password authentication
-
-
Single Sign On (SSO) Authentication
-
Unimarket integrated SSO authentication
-
CAS SSO
-
SAML SSO
-
1. Username / Password Authentication
Standard Unimarket Authentication
This is the standard/default Unimarket Authentication mechanism. Users will be directed to the Unimarket login screen to enter their user name and password. Users and passwords are managed and stored in Unimarket. Features of this approach:
-
No setup required.
-
All users are administered within Unimarket.
Active Directory / LDAP Authentication
This enables the authentication decision to be made by the customer's Active Directory system. The Unimarket login page will be used to capture the user name and password which will then be sent to Active Directory for authentication.Features of this approach:
- Allows centralized control of a customer's users (e.g. if a user leaves the customer organization and he/she is removed from Active Directory then that user will no longer be able to use Unimarket).
- Users do not need to be created in Unimarket. They will be auto-provisioned when they login for the first time with default role and group settings.
- Users will not have to remember a new set of user names and passwords for Unimarket.
- Customer will have to allow Unimarket to send requests to the Active Directory server. In most cases this simply means opening the standard ldap and ldaps ports in the customer firewall.
- A user with the administrator role in Unimarket will still have to manage the users in Unimarket to configure them with things like Unimarket roles or the customer can make use of the Unimarket user-detail integration to externally manage the users profile.
- The needed information for the Active Directory (LDAP) authentication are:
- Active Directory Domain (Example: college.edu or ad.college.edu)
- Active Directory URL (Example: ldaps://192.162.1.1:port or ldaps://college.edu:port)
Unimarket Integrated Username / Password Authentication
Users will be directed to the Unimarket login screen to enter their username and password. The entered credentials are then sent via a SOAP web service request to an endpoint in the customer environment, which then indicates in it's response message whether the credentials were valid or not.This approach is documented more fully here. Features of this approach:
- Gives the customer full control of user authentication and customer can integrate with any custom backend system they might have.
- A user with the administrator role in Unimarket will still have to manage the users in Unimarket to configure them with things like Unimarket roles or the customer can make use of the Unimarket user-detail integration.
2. Single Sign-On (SSO) Authentication
Single Sign-On is a process that allows network users to access authorized network resources (such as Unimarket) without having to separately log in to each resource. Single Sign-On also gives your organization the ability to integrate with an external identity management system (such as Active Directory) or perform web based single sign on to Unimarket.A typical example is an internal customer portal. Users have to enter their credentials once to get into the portal but are then able to access all the other systems in the organization without further authentication.
Unimarket Integrated SSO Authentication
This enables Single Sign On into Unimarket through web service integration. It is documented more fully here. Features of this approach:
-
Allows completely transparent user authentication.
-
A user with the administrator role in Unimarket will still have to manage the users in Unimarket to configure them with things like Unimarket roles or the customer can make use of the Unimarket user-detail integration.
CAS SSO
This enables Single Sign On into Unimarket through the CAS standard.
Please find more information on the CAS standard here. Features of this approach:
- Allows completely transparent user authentication.
- A user with the administrator role in Unimarket will still have to manage the users in Unimarket to configure them with things like Unimarket roles or the customer can make use of the Unimarket user-detail integration.
SAML (Security Assertion Markup Language) SSO
This enables Single Sign-On into Unimarket through the SAML standard.
Please find more information on the SAML standard here. Features of this approach:
- Allows completely transparent user authentication.
- Unimarket acts as a SAML Service Provider (SP) and integrates with the customer Identity Provider (IDP).
- A user with the administrator role in Unimarket will still have to manage the users in Unimarket to configure them with things like Unimarket roles or the customer can make use of the Unimarket user-detail integration.
- Alternatively the customer IDP is able to supply user roles, buyer group and organization units in the SAML response message.
Related Articles Authentication user name/password (authentication-request), Authentication token based (authentication-request)