R12.1-JA-2025June05
External Authentication
In addition to creating user accounts manually, the system supports integration with the following third-party user management systems for authentication.
- LDAP Authentication
  LDAP authentication allows users to log in to the system if they have an account stored in a directory server, such as MS Active Directory, OpenLDAP or OpenDJ. Users in the directory are identified by a distinguished name (DN), which resembles a path-like structure starting at the directory root.
- AD Authentication
  AD authentication allows users to log in to the system if they have an account in an Active Directory domain. AD authentication offers users a faster, more secure, and more scalable authentication mechanism than LDAP authentication.
- TACACS+ Authentication
  TACACS+ authentication forwards the login name and password of a user to an authentication server to determine whether the user has access to the system.
- SSO Authentication
  The system supports Security Assertion Markup Language (SAML) 2.0 based SSO and integrates with federation servers or individual identity providers to share session information across different security domains. SAML SSO works by transferring the user's identity through an exchange of digitally signed XML documents. There are two implementation mechanisms:
  - Service Provider initiated (SP-initiated): Users log in to an identity provider. The identity provider uses SAML to log the users into a NetworkBrain domain. When the users log out of the identity provider (or NetworkBrain) session, they are automatically logged out of both.
  - Identity Provider initiated (IdP-initiated): Users who are already logged in at other identity providers can directly view embedded NetworkBrain applications, such as map, path and data view.
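
The path-like DN structure described under LDAP Authentication, shown as an added example (not NetworkBrain code): a small parser for the RFC 4514 string form that honors escaped separators, renders the DN root-first, and checks whether an account sits under a given base DN. The sample DN, the function names, and the case-insensitive value matching are assumptions made for illustration; `#`-prefixed hex-encoded values are not handled.

```python
import re

ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2}|.|$)", re.DOTALL)

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, buf, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts, buf = parts + [buf], ""
        else:
            buf += text[i:i + step]
        i += step
    return parts + [buf]

def unescape(value):
    """Decode RFC 4514 escapes: backslash + hex pair, or backslash + one char."""
    def decode(m):
        tok = m.group(1)
        if not tok:
            raise ValueError("dangling backslash in DN")
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return ESCAPE.sub(decode, value.encode("utf-8")).decode("utf-8")

def parse_dn(dn):
    """Return RDNs leaf-first; each RDN is a list of (TYPE, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ",") if dn else []:
        avas = []
        for ava in split_unescaped(rdn, "+"):  # "+" joins a multi-valued RDN
            attr, eq, raw = ava.lstrip(" ").partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            avas.append((attr.strip().upper(), unescape(raw)))
        rdns.append(avas)
    return rdns

def root_first_path(dn):
    """Render the DN as a path that starts at the directory root."""
    return "/" + "/".join("+".join(f"{t}={v}" for t, v in rdn)
                          for rdn in reversed(parse_dn(dn)))

def is_under(dn, base):
    """True if dn sits at or below base, compared RDN by RDN (values case-folded)."""
    d, b = ([sorted((t, v.casefold()) for t, v in r) for r in parse_dn(x)]
            for x in (dn, base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b

SAMPLE = r"CN=Smith\, Jane,OU=Network Ops,DC=example,DC=com"  # constructed sample
```

Splitting the sample on every comma would yield five components instead of four, which is why group or search-base checks should compare parsed RDNs rather than raw substrings.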