Access Management 7.3.2

Configure AM for authentication

AM provides the following features to authenticate users:

Authentication nodes and trees

AM provides a large variety of authentication nodes, and lets you develop custom nodes, based on your authentication requirements. You connect these nodes to create a tree that guides users through the authentication process.

Authentication modules and chains

AM provides a number of authentication modules to handle different methods of authenticating users. The modules can be chained together to provide multiple authentication mechanisms. A user’s credentials must be evaluated by one module before control passes to the next module in the chain.

Authentication nodes and trees are replacing authentication modules and chains. If your deployment uses modules and chains, you should consider moving to nodes and trees when possible.

The authentication process is extremely flexible, and can be adapted to suit your specific deployment. Although the number of choices can seem daunting, once you understand the basic process, you will be able to configure an authentication path to protect access to most applications in your organization.

Authentication is configured per realm. When a new realm is created, it inherits the authentication configuration of the parent realm. This can save time, especially if you are configuring several subrealms.

The following table summarizes the high-level tasks required to configure authentication in a realm:

Task Resources

Configure the required authentication mechanisms

You need to decide how your users are going to log in. For example, you may require your users to provide multiple credentials, or to log in using third-party identity providers, such as Facebook or Google.

Configure the realm defaults for authentication

Authentication chains and trees use several defaults that are configured at realm level. Review and configure them to suit your environment.

Configure the success and failure URLs for the realm

By default, AM redirects users to the UI after successful authentication. No failure URL is defined by default.

Configure an identity store in your realm.

The identity store you configure in the realm should contain those users that would log in to the realm.