Authorization is how AM determines whether a user has sufficient privileges to access a protected resource and, if so, grants access to that user or entity. AM's authorization process is covered in the Authorization Guide.

AM plays a role similar to border control at an international airport. Instead of having each and every airline company deal with access to each destination, all airlines redirect passengers to border control. Border control then determines, or authenticates, the identity of each passenger according to passport credentials. Border control also checks whether the identified passenger is authorized to fly to the destination corresponding to the ticket, perhaps based on visa credentials. Then, at the departure gate, an agent enforces the authorization from border control, allowing the passenger to board the plane as long as the passenger has not gotten lost, or tried to board the wrong plane, or swapped tickets with someone else. Thus, border control handles access management at the airport.

AM uses defined mechanisms to validate credentials and complete the authentication process. For example, AM is most frequently used to protect web application pages.

Consider a user who wants access to a protected web page. You can deploy an agent on the web application server. The agent redirects the user's request to an AM login page, where the user enters their credentials, such as username and password. AM determines who the user is, and whether the user has the right to access the protected page. AM then redirects the user back to the protected page with authorization credentials that can be verified by the agent. The agent allows the user authorized by AM to access the page.

You can use AM to protect physical devices connected to the Internet of Things (IoT). For example, a delivery van tracking system could have its proxying gateway authenticate to a brokering system using an X.509 certificate, so that it can enable HTTPS and then connect to sensors in its delivery trucks. If the X.509 certificate is valid, the brokering system can monitor a van's fuel consumption, speed, mileage, and overall engine condition to maximize each van's operating efficiency.

Authentication Nodes and Trees. AM provides a number of authentication nodes to handle different modes of authenticating users. The nodes must be connected together in a tree to provide multiple authentication paths to users. For more information, see "About Authentication Trees".

Authentication Modules and Chains. AM provides a number of authentication modules to handle different modes of authenticating users or entities. The modules can also be chained together to provide multiple authentication mechanisms, so that a user's or entity's credentials must be evaluated by one module before control passes to another module. For more information, see "About Authentication Modules and Chains".

Authentication Levels. AM allows each module to be configured with an authentication level, which indicates the security level of the user's or entity's credentials. If the user needs to gain access to more sensitive resources, AM may require the user or entity to reauthenticate, providing an additional credential of another type. For more information, see "About Authentication Levels".

You can configure AM to accept authentication provided by popular third-party identity providers, such as Facebook, Google, and Microsoft. For more information, see "About Social Authentication".

AM supports multi-factor authentication, which requires a user to provide multiple forms of credentials, such as username and password, and a one-time password sent to a user's mobile phone. For more information, see "About Multi-Factor Authentication".

Account Lockout. AM can lock accounts after a pre-configured number of failed authentication attempts. Account lockout works with modules for which users enter a password.
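
The module chain and authentication-level behaviour described above, modelled as an added example; this is not ForgeRock's code or AM's API. The module names, level numbers and sample credentials are constructed, and treating the session's level as the highest level among the modules passed is an assumption of this model.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Credentials = Dict[str, str]

@dataclass(frozen=True)
class Module:
    name: str
    auth_level: int                      # security level this module's credential proves
    verify: Callable[[Credentials], bool]

def _matches(field: str, expected: str) -> Callable[[Credentials], bool]:
    # Constant-time comparison so the check does not leak how many characters matched.
    return lambda creds: hmac.compare_digest(
        creds.get(field, "").encode(), expected.encode())

# Constructed sample secrets for one demo user (assumption); a real
# deployment would consult a credential store instead of literals.
PASSWORD = Module("password", 1, _matches("password", "correct horse"))
OTP = Module("one-time-password", 2, _matches("otp", "492817"))

def run_chain(chain: List[Module], creds: Credentials) -> Optional[int]:
    """Evaluate modules in order. Return the session's authentication level
    (highest level among the modules passed), or None if any module rejects."""
    level = 0
    for module in chain:
        if not module.verify(creds):
            return None                  # control never passes to the next module
        level = max(level, module.auth_level)
    return level

def access_decision(session_level: Optional[int], required_level: int) -> str:
    """Compare the session's level with the level the resource demands."""
    if session_level is None:
        return "deny"
    if session_level < required_level:
        return "reauthenticate"          # step up with an additional credential type
    return "allow"

if __name__ == "__main__":
    basic = run_chain([PASSWORD], {"password": "correct horse"})
    print(access_decision(basic, required_level=1))   # ordinary page
    print(access_decision(basic, required_level=2))   # sensitive page
    strong = run_chain([PASSWORD, OTP],
                       {"password": "correct horse", "otp": "492817"})
    print(access_decision(strong, required_level=2))
```

A session built from the password module alone is allowed onto level 1 resources but is told to reauthenticate for level 2, which is the step-up case the Authentication Levels paragraph describes.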