InterSystems IRIS® supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, InterSystems IRIS® supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.
Read all about it
LDAP
The lightweight directory access protocol
Kerberos
The Kerberos network authentication system
OS-based authentication
Using operating system credentials
Instance authentication
The InterSystems IRIS built-in authentication system
Delegated authentication
Using your own authentication system and tying in InterSystems IRIS
Using Resources to Protect Assets
The system, database, and service resources that protect assets such as an InterSystems IRIS database
Privileges and permissions
Combining permissions and resources to create privileges
Roles
Using roles, which are collections of privileges
Users
Managing users, including predefined users
Match authentication with authorization
Your authentication mechanism determines what authorization mechanism you can use.
Authentication mechanism |
Authorization mechanisms |
LDAP |
InterSystems authorization, LDAP |
Kerberos |
Delegated authorization, InterSystems authorization |
OS-based |
Delegated authorization, InterSystems authorization, LDAP |
Instance authentication |
InterSystems authorization |
Delegated authentication |
Delegated authorization, InterSystems authorization |
Two-factor authentication
InterSystems IRIS supports both SMS text authentication and time-based one-time password (TOTP) authentication.
Two-factor authentication
External authorization systems
delegated authorization (authorization only)
delegated authentication (authorization and authentication)
Match authorization with authentication
You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.
Authorization/role-assignment mechanism |
Authentication mechanism(s) |
Delegated authentication (can also perform authorization) |
Delegated authentication |
Delegated authorization |
Delegated authentication, Kerberos, OS-based |
InterSystems authorization |
All authentication systems |
LDAP |
LDAP, OS-based |