General

General#

Authentication types#

Authentication process requires an entity that can verify the user. In Bacularis are two base types of these entities:

  • authentication methods - they are methods directly realized by Bacularis:

    • Local user authentication - the user is verified by Bacularis using internally stored user information. To authenticate, users use the web login form on the login page. This is the default method (read more: Local user authentication).

    • HTTP Basic user authentication - the user is verified by Bacularis using the specified file with credentials (logins and password hashes). This authentication method is part of the HTTP protocol. To authenticate, users use an login/password window displayed by the web browser (read more: Basic user authentication).

    • LDAP user authentication - the user is verified in an external user directory using the LDAP protocol. To authenticate, users use the web login form on the login page (read more: LDAP user authentication).

  • identity providers (IdP) - they are external systems that manage user identities and authenticate users to access online services. The following identity provider options are currently supported:

    • SSO - OpenID Connect - it enables to use wide range of IAM (Identity and Access Management) services realized in local network or provided by other companies as an online service (read more: SSO - OpenID Connect).

    • Social login - the user can log in using the social media account credentials (read more: Social login - Google and Social login - Facebook)

Login options#

Users can log in to Bacularis in different ways. To successful login user needs to know two things:

  • whether user a member of organization or not

  • if user is a member of organization, which organization he/she is member

Depending on answers to the above questions, on the login page the user will choose appropriate option to authenticate.

Non-organization users#

They are traditional users that belong to the global namespace of Bacularis users. These users use the login/password form on the login page.

Organization users#

These users have to select a button at the bottom of the login/password form. Each organization has its own login button and its own authentication procedure.

If the user’s organization uses Bacularis authentication (Auth method) then after clicking the organization button the user will see a new organization-specific form where he/she can enter login and password.

If the user’s organization uses the identity provider (IdP) authentication, then the user will be automatically redirected to the IdP service to authenticate and after he/she will back to the Bacularis web interface as a logged-in user.

Example login page#

Below you can see a login screen with all authentication types configured. The red arrows indicate which login button to select for a given login option.

../_images/bacularis_authentication_login_options_example.png