What is LDAP?
The Lightweight Directory Access Protocol (LDAP) is an open-source application protocol that allows applications to access and authenticate specific user information across directory services.
What Newgen LDAP Offers
Newgen LDAP uses LDAP/LDAPS protocol for authenticating users and fetching user/group lists and properties apart from passwords. It connects with the active directory using JNDI and fetches the user/group list to synchronize with Newgen ECM. The users who are fetched from the active directory are marked as domain users. These users are authenticated for their password in the active directory, and login is allowed to any module after successful authentication.
It can also synch users from more than one domain and provides support for the authentication of the user from their corresponding domain.
Security with Newgen LDAP
As the application doesn’t maintain the password of the user, it provides more security as compared to the cases where the password is maintained by Newgen ECM. All policies of Active Directory apply to the user, and the password policy is also applicable. This enables the central management of users’ credentials for logging in to different modules. No separate password will be required in various modules/products of Newgen. Any domain user who has been synchronized in the Newgen ECM can be able to log in with its active directory credential.
Newgen LDAP supports both LDAP V2 and LDAP V3. LDAP v3 uses the Simple Authentication and Security Layer (SASL) authentication framework (RFC 2222) to allow different authentication mechanisms to be used with the LDAP. SASL specifies a challenge-response protocol in which data is exchanged between the client and the server for authentication. Several SASL mechanisms are currently defined: DIGEST-MD5, CRAM-MD5, Anonymous, External, S/Key, GSSAPI, and Kerberos v4. An LDAP v3 client can use any of these SASL mechanisms, provided that the LDAP v3 server supports them.
What is SSO?
“SSO stands for Single Sign-On”. SSO is a mechanism whereby a single action of user authentication and authorization can allow a user to access several software applications across the enterprise without the need to enter multiple passwords.
What Newgen SSO Offers
NewgenSSO framework provides a common interface wherein different applications can be registered for SSO authentication. This framework supports protocol standards, namely NTLMV1, NTLMV2, Kerberos, and SAML, which can be configured. It also provides a framework to support any custom encryption token apart from standard protocols. The single logout provision is also included in the framework.
An SSO context is maintained, which carries out the SSO authentication by passing the request token to the application server. The application server then passes this to the corresponding Directory server or Federation service to retrieve the response token. This response token is parsed to fetch the logged-in user properties. After the user properties are extracted from the token SSO application connects the cabinet and passes the session token to the corresponding application’s post-login page.
Just In Time user creation is also supported if a user logs in through NewgenSSO and is not already created in the system.
Security with Newgen SSO
Newgen SSO with protocols NTLM, NTLMV2, and KERBEROS user doesn’t have to enter its credential once he is logged in to the client machine with its domain credential. The authentication is done using the token for the corresponding protocol. Users no longer must enter the domain password in any GUI interface. This prevents the user password from being exposed to Newgen Application’s GUI.
SAML protocol is also supported in NewgenSSO. It provides a more enhanced layer of security where the credentials need to be provided in the interface of IDP (i.e., AFS/OKTA, etc.). IDP returns the token to the preregistered endpoint of NewgenSSO post successful authentication. Newgen SSO then parses the token to fetch the user details and provides the session token to launch the post-login page of any Newgen Module.