Arcentry Enterprise - Authentication
Arcentry Enterprise provides two different ways of Authentication:
- internal: The Arcentry Enterprise server manages all users. It provides both signup and login forms and is solely responsible for Authentication and permissioning.
- webhook: Authentication and access requests are forwarded to an HTTP Endpoint that you maintain. This allows for the highest degree of flexibility and enables integration with third-party systems such as existing user databases, SSO or active directory.
- azureAdJwt: Integration with Azure Active Directory / Microsoft Identity Platform. Please find more about it here.
Authentication and Permissioning happen at three crucial points:
- Whenever a new user accesses the application for the first time (signup)
- Whenever an existing user tries to access the application (login)
- Whenever a user tries to access a document
If you use Webhook authentication, login and signup become the same step. Whenever Arcentry receives a new third-party id as a response to a login request, it creates an internal profile for that user.
All authentication settings are configured in the Authentication section of arcentry-conf.yml. Here you can switch between internal and webhook auth, set endpoint URLs and disable the login, signup and forgot password workflows.