Related Topics
Users must access Process Director with a User ID and password. A User ID must exist in the Process Director database before a login can occur. Process Director currently support 4 types of authentication methods for users.
Please keep in mind that these four different types of authentication methods create different account types that are treated as separate accounts in Process Director. A user might, for example, have both a built-in account and a Windows or Active Directory account. Once a user account is created, such as a Windows account, that user name and password cannot log in as a built-in account. That account must always authenticate via Windows security.
Accounts created with one authentication method are always created as separate accounts from those created through other authentication methods. For instance, lets say you have both a Windows and a Built-In account that use the login credentials:
User Name: UserA
Password: Password1!
Reusing the same user names and passwords for different accounts would be a bad security practice, and should be avoided!
If UserA logged in via Windows Single Sign-On (SSO), they will be logged into a completely different user account than the one they would access if they used the Process Director page to login directly to the Built-In account for UserA. These two user accounts, despite having the same name and password, are two separate user accounts, each of which uses a specific method to authenticate. As the note above indicates, reusing user names and passwords for different accounts is a bad security practice.
Built-in
This authentication method uses Process Director to authenticate users. This is the default authentication method. These users must be added to the Process Director database using the online Administration section of Process Director.
Windows Domain Security
This authentication mechanism uses Microsoft Windows to authenticate users. By default, Windows Domain Security is turned off. These Windows users will be automatically added to the Process Director database after being successfully authenticated by Windows. Additionally, you may also select Windows Integrated Logins to use as an SSO login.
Active Directory/LDAP
This authentication mechanism uses your LDAP server (e.g. Active Directory) to authenticate users. These users will be added automatically to the Process Director database after being successfully authenticated.
External
External users are those that are authenticated by a third party system, usually via Federated Identity/SAML authentication. SAML authentication can be provided through products such as IBM WebSphere, CA Siteminder, Cafesoft Cams, and many other other external authentication systems using the Process Director APIs. External users are automatically kept synchronized with the third party authentication system on every login.
This method of authentication and account creation is the best option for implementing complex authentication requirements, such as the use of Two-Factor (2FA) or Multi-Factor (MFA) authentication.
User Authentication Configuration
Navigate to the Authentication Settings under User Administration in the Administrators Section. Select the type of Authentication to use for Process Director. If you are using the Windows Authentication you must type the domain you'd like to authenticate within the “Windows AD Domain Name”.
Documentation Feedback and Questions
If you notice some way that this document can be improved, we're happy to hear your suggestions. Similarly, if you can't find an answer you're looking for, ask it via feedback. Simply click on the button below to provide us with your feedback or ask a question. Please remember, though, that not every issue can be addressed through documentation. So, if you have a specific technical issue with Process Director, please open a support ticket.
