User authentication methods in Jitterbit App Builder
Overview
This guide provides an overview of the different User Authentication methods that can be configured with App Builder and App Builder applications. More detail on these methods can be found in the linked articles and guides.
User authentication methods
Single sign-on
Protocols:
- WS-Federation
- SAML
- WAM
Examples:
- Microsoft Azure AD
- Okta
- Salesforce
- CA (SiteMinder)
- Other OAuth2 providers
For more detail, please see:
- Configuring Active Directory federation services using SAML single sign on
- Configuring CA single sign on using web access management (WAM)
Local user authentication
The Local User security provider type is a forms-based authentication provider. It allows Users to log into App Builder using a username and password. Passwords are stored within App Builder.
For more detail, please see the User and group management: local authentication guide.
Windows integrated authentication
The web server is responsible for authenticating the User against a Windows domain. The authentication provider maps the Windows User to an App Builder Identity.
For more detail, please see the Configuring integrated Windows authentication article.
Active Directory
The web server is responsible for authenticating the User against a Windows domain. The authentication provider maps the Windows User to an App Builder Identity.
For more detail, please see the Security provider - Active Directory article.
Application authentication (custom)
The Application Authentication security provider allows developers to build their own login forms. Developers can authenticate clients using an approach suitable to the application. For example, applications may want to:
- Maintain their own User accounts.
- Validate credentials with a third party.
- MFA: Verify a phone number by texting a One-time Passcode (OTP).
- Allow clients to sign in semi-anonymously.
The Application Authentication security provider is fundamentally a form of external User Authentication. However, instead of redirecting clients to a third-party Identity Provider (IdP), clients are redirected to an App Builder page. Otherwise, the flow is the same.
For more detail, please see the Security provider - application authentication and Configure Application authentication articles.
Anonymous access
Users who have not authenticated are considered "anonymous". Typically, anonymous Users are not granted privileges to App Builder resources. As a result, anonymous Users are redirected to the App Builder login page. This section describes how to grant anonymous Users access to an App Builder application.
Anonymous authentication is enabled by default. Any request not associated with an App Builder User is automatically associated with the "anonymous" User, and the request then executes under the User principal "anonymous".
For more detail, please see the Anonymous access and HTTP anonymous authentication articles.
User provisioning
Unlike most other security provider types, the User Provisioning provider type is not a User or data source authentication scheme. Instead, it enables programmatic creation of User accounts.
App Builder does not allow developers to build CRUD rules that write directly to the App Builder User and group tables. Instead, App Builder exposes a public data object named User_Create. Developers can build XP CRUD rules that insert records into the User_Create data object, thus creating User accounts.
The User_Create data object requires a ProviderId. The ProviderId identifies the security provider configuration to use when creating a new User account. Typically, it identifies a User Provisioning security provider.
This approach allows developers to build applications which support User account creation while allowing security administrators to maintain control of the authorization policies applied to new User accounts. This is done with security provider groups. See User & Group Provisioning for more information.
Provider security groups
External authentication providers may define their own security groups (sometimes called roles or scopes). Security administrators can map these to App Builder security groups.
Security provider groups have the following properties:
- Provider - The security provider (User or data source) to which the group belongs.
- Identifier - Unique name assigned by the security provider.
- Group - The App Builder security group to which the security provider group is mapped.