About Security Authentication

This application allows the following methods of authentication: Header, Kerberos, IVR, WEB, and AD or LDAP.

Except for the IVR method which is always turned on, all other authentication methods can be turned on or off using the corresponding settings in the security profile. Security profiles are configurable in the security.properties configuration file using the secrurity.profiles property setting. The default location is:

C://Program Files > “Application Name” > configuration > security.properties

One or more security profiles can be used together, except AD and LDAP which are mutually exclusive. Moreover, security authentication methods run in the order shown below. This means only one of the authentications methods needs to pass in this order:

Header
Kerberos¹
AD² or LDAP
Web

Although AD, LDAP, and Web are mutually exclusive, (AD + Web) or (LDAP + Web) are acceptable in the security.profiles property for organization’s with varying login policies in place. For example, one group of users has an AD login policy, and another group of users has a Web login policy.

General Login Behavior Note
Phone credentials are always used when logging in through IVR. Only AD, LDAP, or WEB present the user with a login form and dependent on the user’s Login Policy settings.

Example:

Suppose the following and multiple security profiles are desired: AD, Web, and Kerberos. The security.profiles properties setting was populated like this: security.profiles=SECURITY-AD,SECURITY-WEB,SECURITY-KERBEROS

Using multiple authentication methods means that only one of these authentication methods needs to pass in the system defined order for that user. Since Header and LDAP are not specified in the security.profiles properties, the authentication path for this example is (1) Kerberos, (2) AD, and (3) Web.