User Login Options by Authentication Method and Server Authentication Scope

The sections below provide two views of user login authentication:

  • A flowchart that highlights authentication checks carried out by VOSS Automate for the authentication method set as Automatic.

  • Two matrices showing successful user login in accordance with specific server and user configurations. The matrices are divided according to whether the user uses an SSO login URL.

Authentication Flow

The flowchart below shows the authentication process in VOSS Automate when a user logs in. Specifically, the chart shows the system process when the authentication method on VOSS Automate is set to Automatic.

Settings and conditions to check include:

  • User login and settings (user and authentication)

  • Servers (SSO, LDAP) set up and their settings (scope and authentication)

  • System settings (global authentication method)

@startuml
'Authentication
!include style.iuml
:User login
* username
* password;
note left
    [[../src/user/tasks-admin-gui-access.html Use login URL]]
end note
  :Find data/User
  by username;
  :Look for
  SSO server
  in scope with ALL/empty
  user type;
  note left
   * [[../src/user/sso-idp.html Authentication Scope]]
     * Down (default)
     * Local
   * [[../src/user/sso-idp.html User sync type]]
     * All users (default)
     * LDAP Users only
  end note
  if (Found\nSSO\nserver?) then (yes)
    end
    note right
     [[../src/user/tasks-admin-gui-access.html Use SSO\nlogin URL]]
    end note
  else (no)
    if (LDAP or\nUCM LDAP\nsync source?) then (yes)
      :Look for
      SSO server
      in scope
      with LDAP
      user type;
      note left
       Check if the LDAP user
       is in scope of SSO server
      end note
      if (Found\nSSO\nserver?) then (no)
        :Look for
        LDAP server
        in scope
        + auth_enabled
        + sync_type ==
        LDAP synced
        users;
        note left
         * [[../src/user/add-ldap-server.html Authentication Scope]]
           * Down (default)
           * Local
         * [[../src/user/add-ldap-server.html User sync type]]
           * LDAP synced
            users only
           * All users (default)
        end note
        if (Found synced\nLDAP server) then (no)
          :Look for
          LDAP server
          in scope
          + auth_enabled
          + sync_type ==
          ALL users
          or empty;
        else (yes)
          :Authenticate
          against LDAP;
          if (Authenticated?) then (yes)
            :pass: LDAP;
            stop
            note left
              User logged in
            end note
          else (no)
            :fail: Rejected by
            synced
            LDAP server;
            end
            note right
             User not
             logged in
            end note
          endif
        endif
      else (yes)
        end
        note left
         [[../src/user/tasks-admin-gui-access.html Use SSO\nlogin URL]]
        end note
      endif
    else (no)
      :Look for
      LDAP server
      in scope
      + auth_enabled
      + sync_type ==
      ALL users
      or empty;
    endif
    if (Found 1 or\nmore LDAP\nservers?) then (yes)
      while (More servers?)
        note left
          Loop through
          LDAP servers
          and attempt
          authentication
        end note
        :Authenticate
        against LDAP;
      endwhile
      if (Authenticated?) then (yes)
        :pass: LDAP;
        stop
        note left
          User
          logged in
        end note
      else (no)
        :fail: Rejected
        by ALL
        LDAP servers;
        end
        note right
          User not
          logged in
        end note
      endif
    else (no)
      :Authenticate
      locally;
      if (Authenticated?) then (yes)
        :pass: LOCAL;
        stop
        note left
          User
          logged in
        end note
      else (no)
        :fail: rejected
        by LOCAL;
        end
        note left
          User not
          logged in
        end note
      endif
    endif
  endif
@enduml
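
The decision order in the flowchart can be traced in code. The following Python sketch is an added illustration, not VOSS Automate code; the dictionary fields, the dotted hierarchy paths and the simulated LDAP bind are assumptions made for the example.

```python
# Illustrative model of the "Automatic" login flowchart; not VOSS Automate code.
# Hierarchy nodes are written as dotted paths (an assumption of this sketch).

def in_scope(server, user):
    """Scope 'local' = server node only; 'down' (default) = node and below."""
    if server.get("scope", "down") == "local":
        return user["node"] == server["node"]
    return user["node"] == server["node"] or user["node"].startswith(server["node"] + ".")

def ldap_candidates(ldap_servers, user, sync_types):
    """LDAP servers in scope, enabled for authentication, with a matching sync type."""
    return [s for s in ldap_servers if in_scope(s, user)
            and s.get("auth_enabled") and s.get("sync_type", "all") in sync_types]

def bind_ok(server, user, password):
    # Stand-in for a real LDAP bind: each sample server carries a constructed directory.
    return server["directory"].get(user["username"]) == password

def automatic_login(user, password, sso_servers, ldap_servers):
    """Return the outcome the flowchart reaches for a login via the normal login URL."""
    scoped_sso = [s for s in sso_servers if in_scope(s, user)]
    if any(s.get("user_type", "all") == "all" for s in scoped_sso):
        return "use SSO login URL"
    if user["ldap_synced"]:
        if any(s.get("user_type") == "ldap" for s in scoped_sso):
            return "use SSO login URL"
        synced = ldap_candidates(ldap_servers, user, {"synced"})
        if synced:
            # The chart shows a single attempt here, with no fallback to other
            # LDAP servers or to local authentication (first match is an assumption).
            return "pass: LDAP" if bind_ok(synced[0], user, password) else "fail: synced LDAP"
    servers = ldap_candidates(ldap_servers, user, {"all", ""})
    if servers:
        ok = any(bind_ok(s, user, password) for s in servers)
        return "pass: LDAP" if ok else "fail: all LDAP"
    ok = user.get("local_password") == password
    return "pass: LOCAL" if ok else "fail: LOCAL"

# Constructed sample data.
LDAP_ALL = {"node": "sys.prov", "scope": "down", "auth_enabled": True,
            "sync_type": "all", "directory": {"alice": "dir-pw"}}
ALICE = {"username": "alice", "node": "sys.prov.cust", "ldap_synced": True,
         "local_password": "local-pw"}
```

In this model, as in the chart, the local password is never checked while an authentication-enabled LDAP server is in scope; narrowing that server's scope to its own node is what returns a user lower in the hierarchy to local authentication.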

Authentication Matrix

This section provides details on whether users can log in on VOSS Automate (Y or N), based on:

  1. User authentication method (Auth Method): either Local, LDAP, SSO, or Automatic


  2. User sync type: either all users, or LDAP synced


  3. Server authentication scope: one of the following:

    • Current and below

    • Current only


Note

If an IDP server is in scope and authentication method is set to LDAP, authentication is attempted against LDAP on login.

If the authentication method is set to Automatic, IDP(SSO) authentication takes precedence.

IDP(SSO) - User on IDP Server, and SSO Login URL Used

Columns give the server authentication scope (hierarchy) and, within each scope, the user sync type (who can authenticate).

| User auth method | Current hierarchy and below: all users | Current hierarchy and below: synced users | Current hierarchy only: all users | Current hierarchy only: synced users |
|---|---|---|---|---|
| Local | N | Y | Y (If user not at server node) | Y |
| LDAP | N | Y | Y (If user at server node) | Y (If user at server node) |
| SSO | Y | Y (If LDAP synced user) | Y (If user at server node) | Y (If user LDAP synced at server node) |
| Automatic | Y | Y (If LDAP synced user) | Y (If user at server node) | Y (If user LDAP synced at server node) |

No IDP(SSO) - LDAP Configured and Enabled for Authentication

Columns give the server authentication scope (hierarchy) and, within each scope, the user sync type (who can authenticate).

| User auth method | Current hierarchy and below: all users | Current hierarchy and below: synced users | Current hierarchy only: all users | Current hierarchy only: synced users |
|---|---|---|---|---|
| Local | N | Y | Y (If user not at server node) | Y |
| LDAP | Y | Y | Y (If user at server node) | Y (If user at server node) |
| SSO | N | N | N | N |
| Automatic | Y (if synced user) | Y (if synced user) | Y (If user synced at server node) | Y (If user synced at server node) |