User authentication matrix

Determine the authentication method to use based on the applications you use, and your organization's user authentication policy. You can use a mixture of mechanisms, for example SAML for Desktop/Web and DBRealm for Ad hoc reports.

Authentication Method

Authentication Principle

Desktop/Web

Ad hoc Reports

Mobile

One Time Password (OTP)

One-time password generated from WFE

X

LDAP can be used for desktop/Web

X

Windows Active Directory (LDAP)

Form-Based Authentication. Credentials validated against Active Directory.

LDAP can be used for desktop/Web

LDAP can be used for Ad hoc/web

LDAP can be used for mobile

Windows Active Directory (SSO)

Federated Authentication

SSO can be used for desktop/web

X

X

Security Assertion Markup Language (SAML)

Federated Authentication

SMAL can be used for desktop/web

X

X

OpenID Connect (OIDC)

Federated Authentication

X

X

OIDC can be used for mobile

DB Authentication (DBRealm)

Form-Based Authentication. Credentials validated against the system database.

DBRealm can be used for desktop/web

DBRealm can be used for Ad hoc reports

DBRealm can be used for mobile

To comply with PCI 4 security requirements, DB Authentication should not be used in production environments.

Related topics 

User authentication methods

Mixed Mode Authentication (MMA)