The Dynamic Site Server (DSS) relies on Internet Information Services (IIS) with a Windows server to determine access to published content. Typically, this entails the use of anonymous access in conjunction with an account such as IUSR.

The user ID must match the user ID in the authenticating database in order to authorize individual users to work with content inside Ingeniux CMS.

All authentication methods generally use the same process. The CMS performs the following operations:

1. Captures user credentials.
2. Passes these credentials to the authenticating agent.
3. Authorizes the user to access content based on successful authentication.

The CMS relies on one of several authentication methods:

Single Domain Microsoft Active Directory Authentication

Enables Active Directory (AD) authentication for a single domain via the CMS. In a Windows Domain environment, the domain\user account syntax must be used when creating users in the Users and Groups manager.

LDAP

Provides authentication services to the Ingeniux CMS site via a single non-Windows based LDAP service provider (e.g., OpenLDAP) that contains all users in a single section of the directory structure.

Multi-Provider

Supports a combination of external authentication methods on a single authentication instance.

RavenDB

By default, the CMS provides a local authentication mechanism implemented through RavenDB, which is at the core of the CMS.

SAML

Provides single sign-on (SSO) authentication using the SAML protocol.

Note

Configuring SAML Authentication includes information about setting up SSO and single log-out (SLO) authentication with SAML and provides configuration details for organizations that authenticate via Okta.

See Creating CMS Site Instances for details to set up authentication during the installation of CMS sites.