Authentication is one of the most important functions of dbFront. dbFront includes many options for validating users and ensuring that they have the appropriate access to your databases, tables or data rows. This topic provides an overview of the potentially overwhelming number of Authentication options.
Authentication is the act of determining who is logging on and what access groups they belong to.
Active Directory / Windows Authentication
The default authentication in dbFront is Active Directory / Windows Authentication. If dbFront is installed on a server or workstation that does not have access to an Active Directory server then dbFront will have the local server or workstation manage the authentication. If Active Directory is found then dbFront will defer to Active Directory.
If you want to manage your access based on Active Directory then you would set up the dbFront Service to point directly to your domain. Additionally, you would set up groups to restrict access to dbFront, both for administrators and regular users.
For more details see: Authentication Setup.
Note: Windows Authentication is required for all Administrative users.
If your source of users is contained in a Database then you can setup dbFront so that it will validate users using a stored procedure.
For more details see: Database Authentication.
Note: Database Authentication must be set up after you have set up the Active Directory / Windows Authentication for administrators.
Single-Sign-On (SSO) Authentication
If Single-Sign-On is enabled then dbFront will remove its login screen and automatically defer all authentication requests to the specified SSO provider.
Single Sign-on Authentication is a global setting that overrides other authentication options. Unlike Active Directory / Windows Authentication or Database Authentication, Single Sign-on can't be limited to specific connections.
For more details see: Single-Sign-On
Note: SSO must be set up after you have set up the Active Directory / Windows Authentication for administrators.
In addition to all of the above authentication options, you can use the requirement for a Database Profile to restrict or manage user access to individual databases. For more details see: User Profiles.
- Database Connection security,
- Table Security,
- Row Level Security.