General

General#

Authentication types#

To log in to Bacularis, a user must be authenticated by a trusted entity. Bacularis supports two main types of authentication entities:

  • Authentication methods

    They are methods directly handled by Bacularis:

    • Local user authentication

      Users are verified by Bacularis using credentials stored internally. They log in via the web-based login form.

      This is the default authentication method.

      → (See: Local user authentication)

    • HTTP basic authentication

      Users are verified using a credentials file (containing usernames and password hashes). This method relies on the standard HTTP Basic authentication method that is part of the HTTP protocol. Users are prompted to enter login credentials through a browser pop-up window.

      → (See: Basic user authentication)

    • LDAP authentication

      User credentials are verified via an external directory using the LDAP protocol. Login is done through the web-based login form.

      → (See: LDAP user authentication)

  • Identity providers (IdPs)

    Identity providers are external systems that handle user identity and authentication. Bacularis supports the following:

    • SSO – OpenID Connect

      Enables integration with a variety of IAM (Identity and Access Management) systems, either locally hosted or provided as cloud services.

      → (See: SSO - OpenID Connect)

    • Social login

      Users can log in using their social media accounts. Currently supported:

      • Google

      • Facebook

      → (See: Social login - Google, Social login - Facebook)

Login options#

Bacularis supports multiple login methods, depending on the user type. To log in successfully, users must know:

  • Whether they are part of an organization

  • If so, which organization they belong to

Based on this, users will select the appropriate login option on the login page.

Non-organization users#

These are standard users who belong to the global Bacularis user namespace. They authenticate using the default login/password form on the main login screen.

Organization users#

These users belong to a specific organization defined within Bacularis. They must use the organization-specific login buttons located at the bottom of the login form.

If the organization uses a Bacularis authentication method, clicking the organization’s login button opens a dedicated form for entering credentials.

If the organization uses an external identity provider (IdP), clicking the login button will redirect the user to the external service for authentication. Upon success, the user is returned to Bacularis as a logged-in user.

Example login page#

Below is an example of a login screen with all authentication options enabled. Red arrows indicate which login button to choose for each authentication method.

../_images/bacularis_authentication_login_options_example.png