External authentication

Platform supports the following external authentication methods, if you prefer external authentication:

• LDAP: Platform authenticates users based on a specific LDAP subtree.
• LDAP Advanced — Platform authenticates users based on LDAP, which can include multiple user groups.
• HTTP POST — Platform accesses an external system via HTTP POST to authenticate users.
• HTTP GET — Platform accesses an external system via HTTP GET to authenticate users.
• OpenEdge — Platform authenticates users based on user account information stored in an OpenEdge Application Server.
• Windows (Kerberos) — Platform authenticates users using Kerberos authentication.
• Configuring SAML/ADFS Authentication — Platform authenticates users using Security Assertion Markup Language (SAML).
• Custom Authentication for Private Cloud — Platform authenticates users using a custom authenticator as an alternative to authentication methods provided by Platform.

Default Setting:The Default UI or Default API fields indicate the authentication profile that is currently set as a default UI or default API authentication type. However, there is no compulsion that only one authentication profile should be the default for both the UI & API authentications.

When configuring external authentication, parameters to connect to the external system are treated as templates and accept the following tokens:

• {!loginName} — the log in name entered by the user
• {!password} — the password entered by the user
• {!ipAddress} — the IP address used by the user who is trying to log in
• Any field token from the User object, such as {!lastName}

See Example: external system single sign-on for an example of configuring external authentication using HTTP POST or HTTP GET.