Skip to main content

Authentication and Authorization

InterSystems Supply Chain Orchestrator™ supports a wide variety of authentication mechanisms. Authentication determines if users are who they say they are. Additionally, InterSystems Supply Chain Orchestrator™ supports a robust role-based authorization system, which determines an authenticated user can create, use, view, change, or delete.

Get acquainted

Users and roles in InterSystems IRISOpens in a new tab

Authentication introduction

Authorization: Controlling User Access

Try it

Configuring Role-Based AccessOpens in a new tab

Read all about it


The lightweight directory access protocol


The Kerberos network authentication system

OS-based authentication

Using operating system credentials

Instance authentication

The Supply Chain Orchestrator built-in authentication system

Delegated authentication

Using your own authentication system and tying in Supply Chain Orchestrator

Using Resources to Protect Assets

The system, database, and service resources that protect assets such as an InterSystems IRIS database

Privileges and permissions

Combining permissions and resources to create privileges


Using roles, which are collections of privileges


Managing users, including predefined users

Match authentication with authorization

Your authentication mechanism determines what authorization mechanism you can use.

Authentication mechanism Authorization mechanisms
LDAP InterSystems authorization, LDAP
Kerberos Delegated authorization, InterSystems authorization
OS-based Delegated authorization, InterSystems authorization, LDAP
Instance authentication InterSystems authorization
Delegated authentication Delegated authorization, InterSystems authorization

Two-factor authentication

Supply Chain Orchestrator supports both SMS text authentication and time-based one-time password (TOTP) authentication.

Two-factor authentication

External authorization systems

delegated authorization (authorization only)

delegated authentication (authorization and authentication)

Match authorization with authentication

You can use each authorization/role-assignment mechanism only with certain authentication mechanisms.

Authorization/role-assignment mechanism Authentication mechanism(s)
Delegated authentication (can also perform authorization) Delegated authentication
Delegated authorization Delegated authentication, Kerberos, OS-based
InterSystems authorization All authentication systems

Explore more



FeedbackOpens in a new tab