What is third-party authentication? - Security Center 5.12

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.12
Language: English
Last updated: 2024-09-13

Third-party authentication uses a trusted, external identity provider to validate user credentials before granting access to one or more IT systems. The authentication process returns identifying information, such as a username and group membership, that is used to authorize or deny the requested access.

What is an identity provider?

An identity provider is a trusted, external system that administers user accounts, and is responsible for providing user authentication and identity information to relying applications over a distributed network.

What are the benefits of using an identity provider?

  • Can impose advanced authentication requirements, like the use of smartcards or Multi-Factor Authentication (MFA), to increase confidence that a user is who they say they are.
  • Decouples the process of authentication (verifying that an entity is what it claims to be) from the process of authorization (establishing the rights an entity has over the features and resources of a system).
    NOTE: Security Center only uses an external identity provider for user authentication. Authorization is handled internally, using partitions and privileges.
  • Allows Single Sign-On (SSO), where one user authentication grants access to multiple IT systems or even organizations.

What methods of third-party authentication does Security Center support?

Security Center supports the following third-party authentication methods:
NOTE: Users authenticated by an external identity provider are only created in Security Center at first logon. Unlike with Active Directory, you cannot import external users to Security Center when the Authentication Service role connects to an identity provider.

Requirements

To use third-party authentication, the following conditions must be met:
  • Security Center clients must have network access to the external identity provider.
  • A TLS encryption certificate for the identity provider must be trusted by the Security Center client.
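
A preflight check for the two requirements above, run in PowerShell on a client workstation. This is an added example, not part of the Security Center guide: the function name `Test-IdpTrust`, the host `idp.example.com`, and port 443 are assumptions, and trust is evaluated against the Windows certificate store of the account that runs it.

```powershell
function Test-IdpTrust {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 5000)

    # Result object; every field reflects what this client observed.
    $r = [ordered]@{
        Host = $HostName; Port = $Port; Reachable = $false; Trusted = $false
        PolicyErrors = $null; ChainStatus = @(); Subject = $null; NotAfter = $null; Error = $null
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Requirement 1: the client must have network access to the identity provider.
        if (-not $tcp.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            $r.Error = "TCP connect timed out after $TimeoutMs ms"
            return [pscustomobject]$r
        }
        $r.Reachable = $true

        # Requirement 2: the identity provider's TLS certificate must be trusted here.
        # The callback only records the platform's verdict. It returns $true so the
        # handshake completes and details can be reported; nothing is sent afterwards.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $cert, $chain, $errors)
            $r.PolicyErrors = $errors.ToString()
            if ($chain) { $r.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() }) }
            if ($cert) {
                $c2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
                $r.Subject = $c2.Subject
                $r.NotAfter = $c2.NotAfter
            }
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($HostName) } finally { $ssl.Dispose() }

        # 'None' means the name matched and the chain ended in a trusted root.
        $r.Trusted = ($r.PolicyErrors -eq 'None')
    }
    catch { $r.Error = $_.Exception.GetBaseException().Message }
    finally { $tcp.Dispose() }
    [pscustomobject]$r
}

# idp.example.com is a placeholder; substitute the identity provider's host name.
Test-IdpTrust -HostName 'idp.example.com' | Format-List
```

`Reachable = False` points to a network or firewall problem. `Reachable = True` with `Trusted = False` points to the certificate: `PolicyErrors` and `ChainStatus` show whether the name mismatched or the chain did not end in a trusted root.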

Performance impact

  • The scalability of the Directory is not impacted by third-party authentication.
  • User logons using third-party authentication are expected to take slightly longer than native authentication, because they require the client to connect to one or more remote identity providers before connecting to the Directory.