---
title: Authentication and authorization
description: Clients must use HTTP Basic authentication to authenticate to the Configuration API.
component: pingdirectory
version: 9.3
page_id: pingdirectory:pingdatametrics_server_administration_guide:pd_met_authn_authr
canonical_url: https://docs.pingidentity.com/pingdirectory/9.3/pingdatametrics_server_administration_guide/pd_met_authn_authr.html
revdate: September 13, 2023
---

# Authentication and authorization

Clients must use HTTP Basic authentication to authenticate to the Configuration API.

If the username value is not a DN, then it will be resolved to a DN value using the identity mapper associated with the Configuration servlet. By default, the Configuration API uses an identity mapper that allows an entry's UID value to be used as a username. To customize this behavior, either customize the default identity mapper, or specify a different identity mapper using the Configuration servlet's `identity-mapper` property. For example:

```shell
$ bin/dsconfig set-http-servlet-extension-prop \
  --extension-name Configuration \
  --set "identity-mapper:Alternative Identity Mapper"
```

To access configuration information, users must have the appropriate privileges:

* To access the `cn=config` backend, users must have the `bypass-acl` privilege or be allowed access to the configuration using an ACI.

* To read configuration information, users must have the `config-read` privilege.

* To update the configuration, users must have the `config-write` privilege.