Authentication and Authorization
InterSystems IRIS® supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, InterSystems IRIS® supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.
Read all about it
The lightweight directory access protocol
The Kerberos network authentication system
Using operating system credentials
The InterSystems IRIS built-in authentication system
Using your own authentication system and tying in InterSystems IRIS
The system, database, and service resources that protect assets such as an InterSystems IRIS database
Combining permissions and resources to create privileges
Using roles, which are collections of privileges
Managing users, including predefined users
Match authentication with authorization
Your authentication mechanism determines what authorization mechanism you can use.
|Authentication mechanism||Authorization mechanisms|
|LDAP||InterSystems authorization, LDAP|
|Kerberos||Delegated authorization, InterSystems authorization|
|OS-based||Delegated authorization, InterSystems authorization, LDAP|
|Instance authentication||InterSystems authorization|
|Delegated authentication||Delegated authorization, InterSystems authorization|
InterSystems IRIS supports both SMS text authentication and time-based one-time password (TOTP) authentication.
External authorization systems
delegated authorization (authorization only)
delegated authentication (authorization and authentication)
Match authorization with authentication
You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.
|Authorization/role-assignment mechanism||Authentication mechanism(s)|
|Delegated authentication (can also perform authorization)||Delegated authentication|
|Delegated authorization||Delegated authentication, Kerberos, OS-based|
|InterSystems authorization||All authentication systems|