In addition to creating user accounts manually, the system supports integrating with the following third-party user management systems for authentication.
LDAP authentication allows users to log in to the system if they have an account stored in a directory server, such as MS Active Directory, OpenLDAP or OpenDJ. Users in the directory are identified by a distinguished name (DN) which resembles a path-like structure starting at the directory root.
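The DN structure just described, shown as a worked parser. This is an added example written for this page, not NetBrain code; it splits a DN into its relative DNs (RDNs), honours backslash-escaped separators, and lists the entry's path from the directory root, which is the rightmost component. Hex escapes and multi-valued RDNs are deliberately out of scope.

```python
"""Parse an LDAP distinguished name (DN) into its RDN components.

Added example, not code from the documented product. Handles the
backslash escape of RFC 4514 (so 'cn=Doe\\, John' is one RDN) but not
hex escapes (\\2C) or multi-valued RDNs (cn=a+sn=b).
"""
from typing import List, Tuple


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (attribute, value) pairs, leftmost (most specific) first.

    Attribute types are case-insensitive in LDAP, so they are lowered;
    values are returned as written, minus surrounding whitespace.
    """
    rdns: List[str] = []
    current: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            # A backslash makes the next character literal, so an escaped
            # comma stays inside the value instead of splitting the DN.
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(current))

    pairs: List[Tuple[str, str]] = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def path_from_root(dn: str) -> List[str]:
    """Return the DN as a path from the directory root down to the entry.

    A DN is written most-specific-first, so the root of the tree is the
    last RDN; reversing the list gives the tree walk a directory performs.
    """
    return [f"{attr}={value}" for attr, value in reversed(split_dn(dn))]


if __name__ == "__main__":
    # Constructed sample DNs, not values from any real directory.
    for sample in ("uid=jdoe,ou=People,dc=example,dc=com",
                   "CN=Doe\\, John, OU=Users, DC=example, DC=com"):
        print(sample, "->", " / ".join(path_from_root(sample)))
```

The second sample shows why a naive `split(",")` is wrong for directory names: the escaped comma in the common name is part of the value, and splitting on it would yield a bogus fifth component.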
AD authentication allows users to log in to the system if they have an account in an Active Directory domain. AD authentication offers users a faster, more secure, and more scalable authentication mechanism than LDAP authentication.
TACACS+ authentication forwards the login name and password of a user to an authentication server to determine whether the user has access to the system.
The system supports Security Assertion Markup Language (SAML) 2.0 based SSO and integrates with federation servers or individual identity providers to share session information across different security domains. SAML SSO works by transferring the user's identity through an exchange of digitally signed XML documents. There are two implementation mechanisms:
- Service Provider initiated (SP-initiated) — Users log in to an identity provider. The identity provider uses SAML to log the users into a NetBrain domain. When the users log out of the identity provider (or NetBrain) session, they will be automatically logged out of both.
- Identity Provider initiated (IdP-initiated) — Users who are already logged in at other identity providers can directly view embedded NetBrain applications, such as map, path and data view.
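The signed XML exchange above only protects the service provider if it validates what it receives. The following is an added example, not NetBrain code, of the checks a SAML service provider applies to an assertion before treating its subject as a logged-in user: the assertion is signed and the signature's Reference points at this assertion's ID (not some other element in the document), the issuer is the expected IdP, the validity window contains the current time, and the audience names this SP. The cryptographic verification of the XML signature itself is delegated to a caller-supplied function (in practice an XML-DSig library configured with the IdP's signing certificate); the sample assertion, entity IDs and the `signature_ok` callback are constructed for this example.

```python
"""Service-provider side validation of a SAML 2.0 assertion.

Added example for this page, not product code. Uses only the standard
library; the actual XML-Signature verification is injected as a callback
because it needs an XML-DSig implementation and the IdP's certificate.
"""
from datetime import datetime, timezone
from typing import Callable, List
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed identifiers for this example only.
IDP_ENTITY_ID = "https://idp.example.com/metadata"
SP_ENTITY_ID = "https://netbrain.example.com/sp"

# Constructed sample assertion (signature contents elided; the callback
# stands in for the real cryptographic check).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a1b2c3"/></ds:SignedInfo>
    <ds:SignatureValue>BASE64-SIGNATURE-PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://netbrain.example.com/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _parse_time(value: str) -> datetime:
    """SAML timestamps are xsd:dateTime in UTC; map the 'Z' suffix for fromisoformat."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text: str, expected_issuer: str, expected_audience: str,
                       now: datetime,
                       signature_ok: Callable[[ET.Element], bool]) -> List[str]:
    """Return the reasons to reject the assertion; an empty list means accept."""
    problems: List[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        return ["document is not a saml:Assertion"]

    # 1. Signed, covering *this* assertion, and cryptographically valid.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("assertion is not signed")
    else:
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
            problems.append("signature Reference does not cover this assertion")
        if not signature_ok(root):
            problems.append("signature does not verify against the IdP certificate")

    # 2. Issued by the IdP we federate with.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"unexpected issuer {issuer!r}")

    # 3. Inside its validity window and addressed to this service provider.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element; validity cannot be bounded")
    else:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            problems.append("assertion not yet valid")
        if not_on_or_after and now >= _parse_time(not_on_or_after):
            problems.append("assertion expired")
        audiences = [a.text.strip() for a in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if expected_audience not in audiences:
            problems.append("assertion is not addressed to this service provider")

    # 4. Carries a subject we can map to a local user.
    if root.find("saml:Subject/saml:NameID", NS) is None:
        problems.append("no NameID; cannot map the assertion to a user")
    return problems


def decide(now_iso: str, audience: str = SP_ENTITY_ID, issuer: str = IDP_ENTITY_ID,
           signed: bool = True) -> List[str]:
    """Run the checks on the sample assertion at a given UTC instant."""
    return validate_assertion(SAMPLE_ASSERTION, issuer, audience, _parse_time(now_iso),
                              signature_ok=lambda _elem: signed)


if __name__ == "__main__":
    print("in window:", decide("2024-01-01T12:00:00Z") or "accepted")
    print("late:     ", decide("2024-01-01T12:10:00Z"))
```

The Reference-URI check matters because a SAML response can legitimately contain several signed and unsigned elements; an SP that verifies "a" signature somewhere in the document rather than the one bound to the assertion it consumes has not verified the identity it is about to trust. The time checks should allow a small clock-skew tolerance in production; this example compares exactly to keep the logic visible.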