Authentication methods

Authentication verifies the identity of a user. To access the Platform, you must be a user registered in the Platform identity store. You can configure local authentication in the Platform or integrate external authentication.

Local authentication

If you want to use local authentication, you need to create user identities directly in Access Manager by creating accounts for each user (a username and a password). This way, the Platform local identity store is used to verify users.

Use local authentication in the following cases:

• Your organization does not manage users with LDAP/AD.
• You do not want to use LDAP/AD as an authentication provider.

If you decide to use local authentication, you can also set password policies and define many other setting related to authentication and its security.

External authentication

You can integrate your existing databases with users and their passwords or other credentials. Out of the box, LDAP and Active Directory are supported.

If you decide to synchronize the external database with the Platform local identity store, consider the following aspects:

• The imported data (username, email, first name, last name, and other mapped attributes are unchangeable) is read-only, no changes will be pushed back to Active Directory.
• Password policies and other local authentication settings do not apply to the imported records. Instead, the policies set up in the external authentication source are enforced.
• Passwords are not imported, and password validation is performed on the LDAP/AD server.

For details, see LDAP/AD as an external authentication provider.