Authentication Overview
Authentication is the act of determining who is logging on and calculating and enforcing their access. Authentication is one of the most important functions of dbFront.
dbFront supports multiple overlapping authentication options for validating users and ensuring they have the appropriate access to your databases, tables or data rows. This topic provides an overview of the complex set of options.
One clue to the complexity is the 5 different Admin Types.
Authentication Configuration
The Authentication Type is set on the Database Connection. The available options are:
- No Access
- Public Access
- Database Authentication
- Windows Authentication
For more details see: Connection Access
Active Directory / Windows Authentication
The default authentication in dbFront is Active Directory / Windows Authentication. If dbFront is installed on a server or workstation that does not have access to an Active Directory server then dbFront will have the local server or workstation manage the authentication. If Active Directory is found then dbFront will defer to Active Directory.
If you want to manage your access based on Active Directory then you would set up the dbFront Service to point directly to your domain. Additionally, you would set up groups to restrict access to dbFront, both for administrators and regular users.
For more details see: Authentication Setup.
Note: Windows Authentication is required for all Administrative users.
Database Authentication
If your source of users is contained in a Database then you can setup dbFront so that it will validate users using a stored procedure.
For more details see: Database Authentication.
Note: Database Authentication must be set up after you have set up the Active Directory / Windows Authentication for administrators.
Single-Sign-On (SSO) Authentication
If Single-Sign-On is enabled then dbFront will remove its login screen and automatically defer all authentication requests to the specified SSO provider.
Single Sign-on Authentication is a global setting that overrides other authentication options. Unlike Active Directory / Windows Authentication or Database Authentication, Single Sign-on can't be limited to specific connections.
For more details see: Single-Sign-On
Note: SSO must be set up after you have set up the Active Directory / Windows Authentication for administrators.
User Profiles
In addition to all of the above authentication options, you can use the requirement for a Database Profile to restrict or manage user access to individual databases. For more details see: User Profiles.
More Details
- Database Connection security,
- Table Security,
- Row Level Security.