Authentication - SysAdmin
censhare offers an internal standard authentication as well as common external identity management methods to authenticate users. Multiple authentication methods can be in place in parallel.
In censhare, users log in with a unique username and password. You can use multiple authentication methods in parallel and integrate censhare with the authentication methods that are already in place in your organization.
The following is required for censhare authentication to successfully log on a user:
- username and password
- at least one default domain
- at least one default role
If you use external identity providers, the domain and role must be mapped to the existing user attributes, or you must extend your user profiles with the respective attributes.
The configuration is carried out in the censhare Admin Client. To configure LDAP, Kerberos, or SAML SSO authentication, you need access to the respective services.
Authentication for censhare Client and censhare Web can be configured separately.
Prerequisites
None.
Authentication methods
- censhare internal standard authentication
- LDAP/AD
- Kerberos - SSO
- SAML - SSO
censhare internal standard authentication
censhare provides an internal authentication method, which is the default. The internal authentication is always available and can be used as a fallback if you use external authentication methods. At least one system administrator account must always be configured for the standard authentication. As a best practice, system administrators, system users, and external users should use this authentication method.
With the standard authentication, user accounts are managed and stored in the censhare master data. To manage user data, access to the censhare Admin Client is required. No setup is required for this authentication method.
Tip: We recommend configuring at least one administration account that uses the internal standard authentication. This allows you to sign in to censhare in case the external authentication fails.
LDAP/AD
The custom authentication uses a Microsoft Active Directory or LDAP service to manage user accounts. The authentication sequence between the censhare Client/censhare Web, the censhare Server, and the directory service is handled with tickets and certificates. The authentication requires a mapping of user profiles and censhare permissions and settings. When a user logs in to censhare for the first time, censhare creates the user in the master data. On every subsequent login, the user data is synchronized.
With the custom (LDAP/AD) authentication, user profiles are managed and stored on the Active Directory/LDAP server. To manage user data, access to the Active Directory/LDAP server is required.
See Configure custom LDAP authentication.
Kerberos - SSO
The Kerberos protocol can be used to authenticate users in a joint domain network. In Kerberos environments, the censhare Server, censhare Client, and censhare Web are configured as nodes that authenticate their identity to one another.
The single sign-on authentication with Kerberos requires LDAP configuration. User profiles are managed and stored on the Active Directory/LDAP server. To manage user data, access to the Active Directory/LDAP server is required.
See Configure Single-Sign-on with Kerberos.
SAML - SSO
The SAML protocol is a standard authentication method to authenticate users across security domains. In SAML environments, the censhare Server and the Online channel are added as service providers and authenticate users through an identity provider.