OnBase security comprises two components: authentication and authorization. Authentication asserts the identity of an individual, and authorization determines what that identity is permitted to do. This module reference guide focuses on authentication in OnBase, which includes standard logins, advanced login methods, non-interactive/automatic logins, and single sign-on.
Significant value is achieved by consolidating authentication methods across an enterprise or even across a few systems. Users achieve increased productivity by having fewer passwords to remember and fewer logins to perform in the course of their work. Overall system security also improves with fewer passwords, because users are less likely to use a simple password that is easily compromised or to resort to writing down their multiple passwords.
A standard OnBase installation provides support for the standard OnBase user name and password authentication, Active Directory authentication, and LDAP authentication.
- Active Directory authentication allows users to be logged into OnBase automatically, based upon the user's domain login. This is an effective method for controlling single authentication over a LAN.
- LDAP authentication logs users in to OnBase based on an LDAP query (from directory services such as Active Directory). This is also effective over a LAN.
The three authentication methods that OnBase supports out-of-the-box work well for most customers when OnBase and any other applications or web pages are used on a company intranet.
Active Directory and LDAP authentication schemes have the added security benefit that users need only remember one password, making it less likely that they will write their passwords down where someone can find them. You can also choose whether you want users to be prompted for login credentials when accessing OnBase or if users are logged in to OnBase automatically based on the credentials supplied when they logged on to their workstation.
When OnBase is being tightly integrated with another system and access is required over an extranet or the Internet, customers should use the single sign-on authentication method. Customers may also desire to use a single authentication method for all of their systems, including OnBase, and to support a single sign-on so that a user can access all systems without re-authenticating once their session is established.
This manual is written on the assumption that the System Administrator has the necessary knowledge of the company's network authentication schemes and understands how they work.
These options provide the ability to implement global security changes to your OnBase system and should never be made available to non-administrative users. If configured incorrectly, your OnBase system may be made more vulnerable and users can be locked out of OnBase.