Security Guide for Siebel eBusiness Applications > About Security Resources for Siebel Applications > Siebel Security Architecture >

User Authentication for Secure System Access

Siebel Systems has developed an open authentication architecture that integrates with a customer's selected authentication infrastructure. Siebel Systems supports three primary types of authentication:

These authentication mechanisms apply whether users access the Siebel application from within a local area network, a wide area network, or remotely. Figure 1 shows the three primary types of user authentication within a Siebel site.

Figure 1.  Methods of User Authentication Within a Siebel Site

Click for full size image

Database Authentication

For employee applications, Siebel Systems provides internal mechanisms for credential collection and verification. The default login form collects Siebel username and password credentials. The underlying security systems of the database verify users' credentials.

Each user must have a valid database account in order to access the Siebel application. The internal authentication deployment supports password encryption for protection against hacker attacks.

NOTE:  The exact valid character set for a Siebel username depends on the underlying authentication system. For database authentication, refer to documentation from your RDBMS vendor.

Security Adapters for External Authentication

For employee or customer applications, Siebel Systems includes a preconfigured security adapter interface to allow organizations to externalize credential verification. The interface connects to a security adapter, which contains the logic to validate credentials to a specific authentication service.

NOTE:  The exact valid character set for a Siebel username depends on the underlying authentication system. For external authentication, refer to documentation from your vendor, such as one of those listed below.

Siebel Systems customers can therefore verify user credentials with security standards such as Lightweight Directory Access Protocol (LDAP) or Active Directory Services Interface (ADSI).

Siebel Systems has developed security adapters for leading authentication services. Integration is currently certified and supported for IBM Directory Server, Microsoft Active Directory, Novell NDS eDirectory, and Sun ONE Directory Server.

Security Adapter SDK

Siebel Systems offers the Siebel Security Adapter Software Developers Kit (SDK), to allow companies to build additional security adapters. Such additional adapters can support other authentication technologies such as digital certificates, biometrics, or smart cards.

For example, a security adapter is available for the RSA Secure ID token. This token is a portable token that provides users with a key that changes after a specified time interval, such as one minute. Only by supplying both the key and the user's password or other credentials can the user gain access to the Siebel application.

The security adapter interface is critical to the Siebel architecture because, for most Siebel Systems customers, authentication has become an enterprise decision, rather than an application-specific decision. The authentication service can be a shared resource within the enterprise, thereby centralizing user administration.

The Siebel Security Adapter SDK is described in Siebel Security Adapter Software Developers Kit 7, available on Siebel SupportWeb.

Web Single Sign-On

Siebel Systems offers customers the capability to enable a single login across multiple Web applications—also known as Web Single Sign-On (SSO). Siebel Systems provides a configurable mechanism for communicating with Web SSO infrastructures, identifying users, and logging users into Siebel applications.

With Web SSO, users are authenticated independently of Siebel applications, such as through a third-party authentication service, or through the Web server.

NOTE:  The exact valid character set for a Siebel username depends on the underlying authentication system. For Web SSO, refer to documentation from your vendor, such as one of those listed below.

Siebel Systems has alliances with leading security providers for Web SSO integration. Providers are listed as security software partners in the Alliances section of the Siebel Web page.


 Security Guide for Siebel eBusiness Applications 
 Published: 23 June 2003