Authentication

Authentication is the process of verifying a user’s identity. To manage user authentication with the appliance, use AMC to define one or more external authentication servers (also known as directory servers or user stores) that contain the credentials for your user population. The actual management of the user information is still done on your authentication servers; the appliance makes use of that information to authenticate users.

Creating an authentication realm in AMC also involves specifying an authentication method (username/password or one-time password, token or smart card, or digital certificate).

The SMA appliance supports a broad range of authentication models including:

• Microsoft Active Directory (Basic)
• Microsoft Active Directory (Advanced)
• LDAP
• RADIUS
• One Identity Defender
• RSA Authentication Manager (Multi-factor authentication)
• Public key infrastructure (PKI)
• SAML 2.0 Identity Provider
• Time based One Time Password (Microsoft, Google, Duo)
• SMS Gateway
• RADIUS Phone Factor
• Local User Authentication

An authentication realm is what users log in to on the appliance to gain access to your resources. If your organization has only one authentication server, you would create one realm on the appliance. If you have several authentication servers, you can create a realm for each of them, or set up pairs of servers for chained authentication. To take a more granular approach to deployment and security, you can further subdivide the user population of a realm into communities.