Skip to main content


InterSystems IRIS supports several different types of user accounts:

  • InterSystems IRIS Password — This type of user authenticates using Kerberos, Operating System (no delegated authorization), or Instance Authentication.

  • Delegated — This type of user authenticates using only delegated authentication, that is, custom defined authentication mechanisms.

  • LDAP — This type of user authenticates using only LDAP authentication.

  • OS User — This type of user authenticates through the operating system (OS) when delegated authorization is in use.

The Management portal provides a tool for creating and editing Instance Authentication user accounts. Both Delegated and LDAP user accounts are created and edited through external means. The information is visible but not editable using the Management Portal.

Use the Users page of the portal (click [Home] > [System Administration] > [Security] > [Users]) to view, edit, or create user account information.

The following information is required for each user:

User Account Required Properties




Unique user identifier.


Secret phrase used to establish a user's identity.

Confirm Password

Confirmation of the user's secret phrase.

User Enabled

Account status. If checked the account is enabled. If not the account is disabled and cannot be used for authentication.


For instructions on adding or editing a user in InterSystems IRIS, see Creating a User.

For more information on the different types of InterSystems IRIS user accounts, see Users.

Each user can be assigned one or more roles. These roles determine what features of InterSystems IRIS the user can access once successfully authenticated. For more information on user authorization and roles, see About InterSystems Authorization.

FeedbackOpens in a new tab