Authentication determines the identity of users before granting access to PPM. PPM offers the following authentication modes:
- Forms based (Native), which is the default mode for PPM. In this mode, the PPM database acts as the authority and the application handles the authentication of the user who is logging into that application.
- Single Sign-On (SSO) controls access to Web applications, specifically PPM. In SSO mode, the PPM application is a protected resource. When a user tries to login to it, a Web agent intercepts the login and prompts the user for login credentials. The Web agent passes the user's credentials to a policy server, which authenticates them against a user data store. With SSO, once the users login, they are logged into all Web applications during their browser session (as long as all Web applications authenticate against the same policy server).
Two types of Single Sign-On apply to PPM:
- Integrated Windows Authentication - The PPM application can be integrated with Microsoft Windows domain authentication, such that a user, who has been authenticated by a Microsoft Windows domain controller, will automatically be authenticated with PPM as well. By enabling this functionality users will not be prompted for their usernames and passwords by PPM, but will be automatically logged into the PPM application without the need to use the login dialog screen.
- Integration with Third-Party Single Sign-On Products - The PPM application can be integrated with third-party Single Sign-On (SSO) products, such that a user, who has been authenticated by a third-party SSO product, will automatically be authenticated with PPM as well. By enabling this functionality users will not be prompted for their usernames and passwords by PPM, but will be automatically logged into the PPM application without the need to use the login dialog screen.
For more information, refer to Primavera Portfolio Management Enabling Single Sign-On in the Oracle Primavera Portfolio Management System Administration Guide.
- Web SSO, can be configured to allow web authentication of users' access to the following server tools: Action Queue Viewer, Database Cleanup Utility, Import Portfolio Management Package, Export Portfolio Management Package, and Schedule Portfolio Management Tasks.
Single Sign-On will help you to create the most secure authentication environment available in PPM.
P6 EPPM Web Services offers its own authentication options. If you use SAML for P6 EPPM Web Services, you must use Single Sign-on authentication for PPM.