Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
Authentication is the process of verifying the identity of a user. Siebel Business Applications support multiple approaches for authenticating users. You choose either security adapter authentication or Web SSO authentication for your Siebel application users:
Security adapter authentication. Siebel Business Applications provide a security adapter framework to support several different user authentication scenarios:
Database authentication. Siebel Business Applications support authentication against the underlying database. In this architecture, the security adapter authenticates users against the Siebel database. Siebel Business Applications provide a database security adapter (it is configured as the default security adapter).
Lightweight Directory Access Protocol (LDAP) or Active Directory Service Interfaces (ADSI) authentication. Siebel Business Applications support authentication against LDAP-compliant directories or Microsoft Active Directories. In this architecture, the security adapter authenticates users against the directory. Siebel Business Applications provide the following two security adapters to authenticate against directory servers:
ADSI Security Adapter
LDAP Security Adapter
For more information, see "About LDAP or ADSI Security Adapter Authentication".
Custom. You can use a custom adapter you provide, and configure the Siebel Business Applications to use this adapter. For more information, see "Security Adapter SDK".
Web Single Sign-On (Web SSO). This approach uses an external authentication service to authenticate users before they access the Siebel application. In this architecture, a security adapter does not authenticate the user. The security adapter simply looks up and retrieves a user's Siebel user ID and database account from the directory based on the identity key that is accepted from the external authentication service. For more information, see Chapter 6, "Single Sign-On Authentication."
You can choose the approach for user authentication individually for each application in your environment, based on the specific application requirements. However, there are administrative benefits to using a consistent approach across all of your Siebel Business Applications, because a consistent approach lowers the overall complexity of the deployment.
Configuration parameter values determine how your authentication architecture components interact. For information about the purpose of configuration parameters, see Appendix A, "Configuration Parameters Related to Authentication." For information about the seed data related to authentication, user registration, and user access that is installed with Siebel Business Applications, see Appendix B, "Seed Data."
The following special issues apply for authentication for deployments using Siebel Developer Web Client or Mobile Web Client:
For a particular Siebel application, when users connect from the Siebel Developer Web Client to the server database, the authentication mechanism must be the same as that used for Siebel Web Client users. This mechanism could be database authentication or a supported external authentication strategy, such as LDAP or ADSI.
When connecting to the local database from the Mobile Web Client, mobile users must use database authentication. For information about authentication options for local database synchronization, see Siebel Remote and Replication Manager Administration Guide.