Authentication in Ingeniux CMS


The Dynamic Site Server (DSS) relies on IIS (Internet Information Services) with a Windows server to determine access to published content. Typically, this entails the use of anonymous access in conjunction with an account such as IUSR.

The user ID must match the user ID in the authenticating database in order to authorize individual users to work with content inside Ingeniux CMS.

All authentication methods generally use the same process. The CMS performs the following operations:

  1. Captures user credentials.
  2. Passes these credentials to the authenticating agent.
  3. Authorizes the user to access content based on successful authentication.
Note
System administrators can configure the CMS and DSS in IIS to use the SSL (Secure Sockets Layer) protocol. The web server application handles this security level and doesn't impact the CMS as long as client requests can reach the web server.

The CMS relies on one of several authentication methods:

Single Domain Microsoft Active Directory Authentication
Enables Active Directory (AD) authentication for a single domain via the CMS. In a Windows Domain environment, the domain\user account syntax must be used when creating users in the Users and Groups manager.
LDAP
Provides authentication services to the Ingeniux CMS site via a single non-Windows based LDAP service provider (e.g., OpenLDAP) that contains all users in a single section of the directory structure.
Multi-Provider
Supports a combination of external authentication methods on a single authentication instance.
RavenDB
By default, the CMS provides a local authentication mechanism implemented through RavenDB, which is at the core of the CMS.
SAML
Provides single sign-on (SSO) authentication using the SAML protocol.
Note
Configuring SAML Authentication includes information about setting up SSO and single log-out (SLO) authentication with SAML and provides configuration details for organizations that authenticate via Okta.

See Creating CMS Site Instances for details to set up authentication during the installation of CMS sites.