User authentication methods

Several methods of user authentication are supported. These include DB Realm, Windows Active Directory with LDAP or SSO, Security Assertion Markup Language (SAML), and OpenID Connect (OIDC). Each method uses a specific authentication principle (federated or form-based), and can be used for specific applications (desktop/web, mobile, reports). The authentication process is implemented in the WebLogic component.

One Time Password (OTP)

A one-time password can be generated from within the Workforce Engagement (WFE) environment. Users with relevant system privileges copy the generated one-time password from within WFE, and use it in conjunction with their user name to log in to Ad Hoc Reports.

Windows Active Directory (LDAP)

Windows Active Directory (LDAP) is a Form-based authentication method that uses a simple bind authentication process. The user is identified by the Active Directory, and the proof of identity comes in the form of a password. When a more secure method is required, Secure LDAP (SLDAP) can be used.
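The difference between a plain simple bind and Secure LDAP is easiest to see in the bytes of the bind request. The Python sketch below is an added example, not part of the product or its documentation: it BER-encodes an LDAPv3 simple BindRequest as defined in RFC 4511, shows that the password travels unhashed inside it, and classifies empty-password binds as RFC 4513 does. The function names, the `login_problems` check and the sample DN and password are constructed for illustration.

```python
"""Added example: what an LDAPv3 simple bind (RFC 4511) puts on the wire."""

def _tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def _integer(value: int) -> bytes:
    """BER INTEGER for a non-negative value (leading 0x00 keeps it positive)."""
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = _tlv(0x60, _integer(3)
                + _tlv(0x04, dn.encode("utf-8"))
                + _tlv(0x80, password.encode("utf-8")))  # password is not hashed
    return _tlv(0x30, _integer(message_id) + bind)

def bind_kind(dn: str, password: str) -> str:
    """Classify a simple bind the way RFC 4513 section 5.1 does."""
    if dn and password:
        return "name/password"
    if dn:
        # Some servers return success here without verifying any password.
        return "unauthenticated"
    return "anonymous" if not password else "invalid"

def login_problems(dn: str, password: str, tls: bool) -> list:
    """Hypothetical pre-bind check for a login form backed by simple bind."""
    problems = []
    if bind_kind(dn, password) != "name/password":
        problems.append("empty name or password: reject before binding")
    if not tls:
        problems.append("no TLS: password crosses the network in cleartext")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    dn, pw = "uid=jdoe,ou=people,dc=example,dc=com", "correct-horse"
    pdu = encode_simple_bind(1, dn, pw)
    print(pdu.hex())
    print("password readable in PDU:", pw.encode() in pdu)
    print(login_problems(dn, pw, tls=False))
    print(bind_kind(dn, ""), login_problems(dn, "", tls=True))
```
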

Windows Active Directory (SSO)

Windows Active Directory (SSO) is a Federated authentication method. SSO allows users, once they have signed in to Windows, to automatically sign in to the system. Password verification takes place during Windows sign in. Upon success, a Kerberos ticket is generated. When the user is authenticated, the Kerberos ticket is validated.

Security Assertion Markup Language (SAML)

SAML is a Federated authentication method that uses XML documents to exchange user authentication data between the customer identity provider (IdP) and WFO as the Service Provider (SP), or Relying Party (RP). Similar to the Kerberos ticket exchange in Windows Active Directory (SSO), SAML SSO works by transferring the user's identity from the IdP to the SP. This is done through an exchange of digitally signed XML documents (SAML assertions).

OpenID Connect (OIDC) for mobile

OpenID Connect is a Federated authentication method, and a standard for single sign-on and identity provision on the internet. Similar to SAML, OIDC is an authentication method where the user's credentials are held with a third-party identity provider (IdP) and not within the system. The user's identity is verified based on a simple JSON-based identity token. This is delivered on top of the OAuth protocol and is suitable for mobile applications, such as Verint WorkView.

DB Authentication (DBRealm)

The DB Realm (system or internal) is a Form-based authentication method. DBRealm authenticates the user with a user name and password that is maintained solely within the system database. The password hashes are managed securely in the database. When the DB Realm authentication method is used, password and account locking policies are also managed within the system.

To comply with PCI 4 security requirements, DB Authentication should not be used in production environments.
