The Authentication page allows administrators to define the authentication policies for a specific group of users, based on their domain. To define an authentication policy, go to Identities > Authentication.
The primary method of client authentication with the PEM Administrator is implicit, i.e., no prompt is shown in the UI. The implicit login feature, Windows Integrated (IWA), automatically logs users in with their cached credentials.
If implicit login fails, the user is prompted to log in manually using the credentials associated with the integrated identity platform. Successful authentication ensures the client can access its specific policies and key information.
PEM Administrator supports authentication using Microsoft AD, Azure AD, or Local User account credentials.
The available authentication options are:

| Option | Description |
|---|---|
| Windows Integrated (IWA) | Standard, automated authentication through Integrated Windows Authentication (IWA). |
| Password | Manual authentication where users are prompted to enter their Active Directory credentials. |
| Provisional | Users that will not be authenticated. |
| Azure Token | Users are prompted to enter their Azure Active Directory credentials for authentication. |
The default authentication type for the Site-wide Default policy is Windows Integrated (IWA) and Password. Therefore, no additional policies need to be created if you want to support standard Active Directory-based authentication between the client and the PEM Administrator. If you have clients belonging to domains in your infrastructure that cannot authenticate with PEM Administrator, you can create a policy for those domains and select Provisional as the authentication type.
Create an Authentication Policy
To create an authentication policy, select Add, then populate the following fields:

| Field | Description |
|---|---|
| Name | The name of the authentication policy. |
| Domain | The specific domain that will be assigned to the authentication policy. For example, @domain.com |
| Authentication | Select from the drop-down the authentication type that will be enforced for users belonging to the domain specified in the policy. |
| Azure Tenant ID | This field appears only if Azure Token is selected as the Authentication type. Enter the Tenant ID for the application that was created in Azure to support Azure AD authentication. |
| Azure Client ID | This field appears only if Azure Token is selected as the Authentication type. Enter the Client ID (application ID) of the specific application that was created in Azure Active Directory to support Azure AD authentication. Each Azure application has a unique Client ID. |
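The following is an added illustration, not the product's own code: a small model of how a per-domain policy is selected for a user and which authentication step applies (implicit IWA first, manual prompt on failure, no authentication for Provisional, and an Azure Token policy that is rejected unless both Azure IDs are set). Policy names, domains and the `cached_credentials_ok` flag are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Authentication types listed on this page.
AUTH_TYPES = {"Windows Integrated (IWA)", "Password", "Provisional", "Azure Token"}


@dataclass
class AuthPolicy:
    name: str
    domain: Optional[str]        # e.g. "@domain.com"; None for the Site-wide Default
    methods: List[str]           # tried in order
    azure_tenant_id: Optional[str] = None
    azure_client_id: Optional[str] = None

    def validate(self) -> None:
        for m in self.methods:
            if m not in AUTH_TYPES:
                raise ValueError(f"unknown authentication type: {m}")
        # Both Azure fields appear (and are required) only for Azure Token.
        if "Azure Token" in self.methods and not (self.azure_tenant_id and self.azure_client_id):
            raise ValueError("Azure Token requires Azure Tenant ID and Azure Client ID")


# Default policy per the page: IWA and Password, so IWA runs implicitly, Password prompts.
SITE_WIDE_DEFAULT = AuthPolicy("Site-wide Default", None, ["Windows Integrated (IWA)", "Password"])


def resolve_policy(user_principal: str, policies: List[AuthPolicy]) -> AuthPolicy:
    """Return the policy whose domain matches the user's suffix, else the default."""
    domain = "@" + user_principal.rsplit("@", 1)[-1].lower()
    for p in policies:
        if p.domain and p.domain.lower() == domain:
            return p
    return SITE_WIDE_DEFAULT


def authenticate(user_principal: str, policies: List[AuthPolicy],
                 cached_credentials_ok: bool) -> str:
    """Return which step applies: 'implicit', 'prompt', 'provisional' or 'denied'."""
    policy = resolve_policy(user_principal, policies)
    policy.validate()
    if policy.methods == ["Provisional"]:
        return "provisional"          # no authentication is performed for this domain
    for method in policy.methods:
        if method == "Windows Integrated (IWA)":
            if cached_credentials_ok:
                return "implicit"     # cached credentials accepted, no UI prompt
            continue                  # IWA failed: fall through to a manual prompt
        return "prompt"               # Password or Azure Token prompts the user
    return "denied"
```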