Implementing Policy › User Authentication › External Authentication
External Authentication
CA SDM permits users to access the system without supplying a user ID if all of the following conditions are met:
- External authentication is set for the user.
- The user's externally authenticated user ID is associated with a contact in your contact table.
- The contact record has an access type whose authentication definition permits external authentication.
External authentication does not permit users to access the system in the following cases:
- A user attempts access through a nonsecure server.
- A user attempts access but is assigned to an access type that does not allow external authentication.
None of the predefined access types use external authentication. If you want to use external authentication for users, consider modifying the employee, analyst, and administrator access types to set external authentication. Your individual site requirements and different types of users determine whether to allow external authentication. When external authentication is used, the server configuration controls the access to files and directories. When you define authentication for an access type, you can decide the usage as follows:
- Do not use any external authentication that is already implemented, such as the user login on Windows or validation by the HTTPD server.
- Use the authentication that is implemented and allow or deny access based on it.
Note: If external authentication is not allowed, the user is authenticated based on the validation type that you specify.
Following are some examples of external authentication:
- If a user who has administrator access logs into a Windows computer, the user can perform administrative tasks without re-entering any login information.
- If a user who has HTTPD server validation, the user can access the web interface without re-entering any login information. Because the administrator access type specifies the analyst web user type, the appropriate web interface for the analyst is presented automatically.
