Overview
Incydr's identity management functionality is an important security feature that allows you to give users access to the right resources within Incydr.
Incydr separates the concepts of user authentication and authorization. This approach gives you the flexibility to create and customize your environment based on your organization's needs for security, scalability, employee productivity, and user management.
This article describes the options for connecting your Incydr environment with authentication and provisioning providers for user authentication and authorization:
- Single sign-on (SSO)
- SCIM provisioning
- Incydr User Directory Sync
- Local Incydr directory
Comparison of authentication and authorization methods
Each method of authentication and authorization has advantages for different situations. This list describes a few of the highlights of each method.
| Method | Capability | Advantages | Disadvantages | Scalability |
|---|---|---|---|---|
| Incydr User Directory Sync | Authorization only |
|
|
High |
| Local | Authentication and authorization |
|
|
|
| SSO | Authentication only |
|
|
High |
| SCIM provisioning | Authorization only |
|
|
High |
Compatibility
All of these methods are compatible with each other. You can choose any combination of these authentication and authorization methods.
Authentication
Authentication is the process of identifying and verifying users. In Incydr, this occurs when:
- Users sign in to the insider risk agent or Incydr console
- Users are registered for the first time
SSO
Implementing single sign-on (SSO) as the authentication method in your Incydr environment provides security benefits and simplifies the sign-in experience. Incydr SSO uses SAML 2.0.
Introduction and overview
Configuration instructions for Incydr cloud environments
Incydr has tested single sign-on integration with the following identity providers:
- Azure
- InCommon
- Microsoft Active Directory Federation Services (AD FS)
- Okta
- OneLogin
- PingOne
- Shibboleth
SAML settings
You can integrate any SAML 2.0-compliant identity provider with Incydr. In some cases you may need to update the SAML configuration to work with the identity provider's settings. For directions, see Set SAML attributes for SSO.
Authorization
Authorization is the process of determining what roles and permissions a user is entitled to. Use the provisioning provider screen to configure authorization methods within Incydr.
In Incydr, authorization includes user management. User management allows Incydr to automatically activate and deactivate users, move users into organizations, and assign roles to users.
You can use any of the following authorization methods:
- Incydr User Directory Sync
- Local Incydr directory
- SCIM provisioning
Incydr User Directory Sync
Using LDAP, Incydr User Directory Sync connects your directory service, such as Active Directory (AD), and your Incydr environment.
Introduction and overview
Configuration instructions for Incydr cloud environments
- Existing Incydr environments: Configure Incydr User Directory Sync
- New Incydr environments: Incydr User Directory Sync is configured during your initial implementation.
SCIM provisioning
SCIM is an open standard protocol for automating user management within cloud applications.
Introduction and overview
Configuration instructions for Incydr cloud environments
Still unsure?
Please contact sales for information on our consulting options.
Comments
Please sign in to leave a comment.