To manage how users can access your applications, use authentication and authorization mechanisms. Authentication is the process of validating user identity and authorization is how you control what resources and data your users can access.
P6 uses multiple settings to support authentication. These settings also control the authentication used for all P6 EPPM applications except P6 EPPM Web Services. You set authentication settings in the Primavera P6 Administrator's Authentication tab.
P6 EPPM supports these authentication modes:
- Native is the default mode for P6 EPPM. In Native mode, the P6 EPPM database acts as the authority and the application handles the authentication of the user who is logging into that application.
- Single Sign-On (SSO) controls access to Web applications. In SSO mode, the applications are protected resources. When a user tries to log in, a Web agent intercepts the request and prompts the user for login credentials. The Web agent passes the user's credentials to a policy server, which authenticates them against a user data store. With SSO, once the users log in, they are logged in to all Web applications during their browser session (as long as all Web applications authenticate against the same policy server).
- Lightweight Directory Access Protocol (LDAP) authenticates users through a directory and is available for all applications. You can use LDAP referrals with Oracle Internet Directory and Microsoft Windows Active Directory. LDAP referrals allow authentication to extend to another domain. You can also configure multiple LDAP servers, which supports failover and enables you to search for users in multiple LDAP stores. An LDAP directory server database confirms the user's identity when they attempt to login to the application.
Note: For Oracle Internet Directory, referrals only work when you configure the directories to search anonymously.
Regardless of the authentication scheme you choose, the P6 EPPM database controls user authorization.