DPA user authentication
DPA offers the user authentication options described in the following sections.
AD and LDAP
DPA supports Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) authentication. Using your existing authentication infrastructure eliminates the need to duplicate your user accounts in DPA. After you configure AD or LDAP authentication, users can log in with their domain account or a custom user account created by DPA.
AD user authentication
DPA integrates with Windows Active Directory (AD). DPA uses the security group information from AD to assign permissions to groups. To configure DPA user authentication and permissions using AD, see Configure Active Directory or LDAP.
If your repository database is Azure SQL and you are monitoring one or more Azure SQL databases, you can use Azure AD authentication in DPA. To configure DPA user authentication and permissions using Azure AD, see Use Azure AD authentication in DPA.
LDAP user authentication
DPA integrates with most LDAP implementations to assign permissions to groups. To configure DPA user authentication and permissions using LDAP, see Configure Active Directory or LDAP.
Using single sign-on (SSO), your AD users can log in to DPA without re-entering the domain credentials they used to log in to their operating system. Before you configure DPA for SSO, configure DPA for AD authentication.
Common Access Cards
You can use a Common Access Card (CAC) to log in to Windows and DPA. Before using a CAC, configure DPA for AD, and then for SSO as described in the sections above.
SAML authentication in DPA offers single sign-on (SSO) and the opportunity to use different credential storage or multifactor authentications using third-party providers like Okta, Azure AD, or Keycloak.
What is SAML?
The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The most common use of SAML is web browser single sign-on (SSO). DPA supports SAML 2.0.
Authentication is determining that the users are who they claim to be. Authorization is determining if users have the right to access certain systems or content.