Authentication is the process of verifying the identity of a user attempting to connect to InterSystems IRIS. Once authenticated, a user can communicate with InterSystems IRIS and use its tools and resources. InterSystems IRIS supports several different authentication mechanisms:
Kerberos Authentication System — For maximally secure connections, InterSystems IRIS can use the Kerberos protocol to enable users and InterSystems IRIS to identify each other and to ensure the validity of communications within a session. Kerberos provides secure authentication over unsecured networks.
Operating System Based — InterSystems IRIS can use the operating system's user identity to identify the user. The user authenticates with the operating system using its native authentication system. InterSystems IRIS then obtains the user's operating system level identity when the user attempts to connect. If this information matches an InterSystems IRIS user, authentication succeeds.
Instance Authentication — InterSystems IRIS also provides its own login mechanism. When the user attempts to log in InterSystems IRIS compares the hashed value of the password with the value stored in InterSystems IRIS. If the values match, authentication succeeds.
Delegated Authentication — InterSystems IRIS also supports user defined custom authentication mechanisms.
Lightweight Directory Access Protocol (LDAP) — InterSystems IRIS supports authentication using LDAP.
In addition, InterSystems IRIS supports two-factor authentication. Two-Factor authentication requires that a user provide a second security token in addition to an initial password. This second token can be secret code generated by InterSystems IRIS and sent by SMS to the user. The second token can also be a code generated by a Time-based One-time Password Algorithm (TOTP) app.
InterSystems IRIS also provides the option of allowing users to access InterSystems IRIS unauthenticated. In this mode users can connect to InterSystems IRIS without using any authentication mechanism whatsoever.
Authorization is the process of determining which InterSystems IRIS resources an authenticated user is allowed to access. InterSystems IRIS provides authorization functionality in addition to its authentication functionality. For more information on user authorization in InterSystems IRIS, see Part Two of this tutorial.