Authentication & Login
Overview
Authentication is a process that verifies the identity of a user before granting access to a system. It ensures that only authorized users can access specific resources and perform actions. There are various authentication methods, each providing different levels of security and user experience.
Authentication Methods
Password-Based Authentication
Description: The most common authentication method where users provide a username and password to access the system.
Implementation:
Password Storage: Store only a salted hash produced by a purpose-built password hashing algorithm (e.g., bcrypt, Argon2), never the plaintext password.
Password Policies: Enforce policies for password complexity, length, expiration, and reuse prevention.
Login Process: Users enter their credentials, which are verified against the stored hashed password.
Advantages: Simple and widely understood by users.
Disadvantages: Susceptible to brute-force attacks, phishing, and poor password practices (weak or reused passwords).
One-Time Password (OTP) Authentication
Description: An additional security layer where a one-time password is sent to the user’s email or phone, which must be entered along with the primary password.
Implementation:
OTP Generation: Generate a unique, time-limited code using algorithms like TOTP (Time-Based One-Time Password) or HOTP (HMAC-Based One-Time Password).
OTP Delivery: Send the OTP to the user’s registered email or phone via SMS.
Verification: Users enter the OTP, which is validated by the system.
Advantages: Adds a second layer of security beyond the password.
Disadvantages: Dependence on email/SMS delivery and potential for interception.
Two-Factor Authentication (2FA)
Description: Combines two different authentication methods, typically a password and an OTP.
Implementation:
Primary Authentication: The user enters their password.
Secondary Authentication: The user enters an OTP received via email, SMS, or generated by an authenticator app.
Verification: Both the password and OTP must be correct for access.
Advantages: Significantly increases security by requiring two independent forms of verification.
Disadvantages: More complex user experience and requires additional setup.
Single Sign-On (SSO)
Description: Allows users to log in once and access multiple related systems without needing to log in again for each system.
Implementation:
Identity Provider (IdP): Set up an IdP that authenticates the user.
Service Providers (SPs): Configure each SP to trust the IdP for authentication.
SSO Protocols: Use standard protocols like SAML (Security Assertion Markup Language), OAuth, or OpenID Connect.
Session Management: Manage user sessions across multiple systems seamlessly.
Advantages: Improves user experience by reducing the number of login prompts and centralizing authentication.
Disadvantages: If the IdP is compromised, all connected systems are at risk.
Configuring Authentication Methods At Tenant Level
Authentication methods can be configured at the root tenant level to provide flexibility and security tailored to different organizational needs. Each root tenant can decide which authentication methods are available for their users.
Tenant-Level Configuration
Default Login Type: The tenant admin can configure a default login type for all users within the tenant.
Enable User-Based Login Configuration: If enabled, users can choose or change their login type from the available methods configured by the tenant.
Disable User-Based Login Configuration: If disabled, the login type will be strictly enforced based on the tenant's default settings.
Example Scenarios
Scenario 1: Default Password-Based Authentication
Tenant: Punjab
Default Login Type: Password
User-Based Login Configuration: Disabled
Outcome: All users in the Punjab tenant must use password-based authentication. They cannot choose or change their login method.
Scenario 2: User Choice Between Password and OTP
Tenant: Karnataka
Default Login Type: Password
User-Based Login Configuration: Enabled
Available Login Methods: Password, OTP
Outcome: Users in the Karnataka tenant can choose between password and OTP for logging in. The choice can be updated based on user preference.
Scenario 3: Enforced 2FA
Tenant: Maharashtra
Default Login Type: 2FA (Password + OTP)
User-Based Login Configuration: Disabled
Outcome: All users in the Maharashtra tenant must use 2FA, combining password and OTP. Users have no option to change this setting.
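The tenant-level rules and the three scenarios above, worked through as an added Python example (not the product's own code). The class and function names, and the fail-closed handling of a user choice the tenant has not enabled, are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Login types named on the page; "2FA" means password + OTP.
LOGIN_TYPES = {"Password", "OTP", "2FA"}


@dataclass
class TenantLoginConfig:
    """Root-tenant settings mirroring the page's tenant-level options (hypothetical model)."""
    name: str
    default_login_type: str
    user_based_login_enabled: bool
    available_login_methods: set = field(default_factory=set)

    def __post_init__(self):
        # A tenant default outside the known set is a configuration error, not a silent fallback.
        if self.default_login_type not in LOGIN_TYPES:
            raise ValueError(f"unknown login type {self.default_login_type!r}")
        # The default is always available, even if the admin did not list it explicitly.
        self.available_login_methods = set(self.available_login_methods) | {self.default_login_type}


def resolve_login_type(tenant: TenantLoginConfig, user_choice: Optional[str]) -> str:
    """Return the login type to enforce for a user of this tenant.

    Disabled user-based configuration: the user's choice is ignored and the
    tenant default is enforced. Enabled: the choice is honoured only if the
    tenant made it available; anything else is rejected rather than downgraded.
    """
    if not tenant.user_based_login_enabled:
        return tenant.default_login_type
    if user_choice is None:
        return tenant.default_login_type
    if user_choice not in tenant.available_login_methods:
        raise ValueError(f"{user_choice!r} is not enabled for tenant {tenant.name}")
    return user_choice


# Constructed tenants following the page's three scenarios.
PUNJAB = TenantLoginConfig("Punjab", "Password", False)
KARNATAKA = TenantLoginConfig("Karnataka", "Password", True, {"Password", "OTP"})
MAHARASHTRA = TenantLoginConfig("Maharashtra", "2FA", False)

if __name__ == "__main__":
    for tenant, choice in [(PUNJAB, "OTP"), (KARNATAKA, "OTP"), (MAHARASHTRA, "Password")]:
        print(tenant.name, choice, "->", resolve_login_type(tenant, choice))
```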