4. Authentication
Users are authenticated and receive roles depending on the authentication backend. Users are administered locally in an application-specific table that can be managed using Invoke.
Two-factor authentication can be enabled on top of the normal authentication backends local and ad. Currently only DUO is supported; it is described below.
4.1. First factor authentication backends
4.1.1. Local authentication
Local authentication makes QueryBuilder authenticate users against a table of locally configured users.
Users can be added and removed using Invoke. Note that a user role needs to be granted to a user before they can access and edit a configured project.
4.1.2. AD authentication
Users logging into QueryBuilder can be authenticated and, to some extent, authorised using an Active Directory. The prerequisite is a provisioned Project that contains an authgroup matching one of the group memberships of the AD user. The user need not be further provisioned in QueryBuilder.
See the Configuration chapter for more info, specifically the settings starting with AD_.
4.1.3. Azure AD authentication
Users logging into QueryBuilder can be authenticated and, to some extent, authorised using Azure Active Directory. The prerequisite is a provisioned Project that contains an authgroup matching one of the group memberships of the Azure AD user. The user need not be further provisioned in QueryBuilder.
See the Configuration chapter for more info, specifically the settings starting with AZURE_.
4.2. Second factor authentication backends
4.2.1. DUO
Users authenticating into QueryBuilder can be asked for a second authentication factor via DUO. They will then be contacted via mobile app or SMS to provide further proof of identity.
See the Configuration chapter for more info, specifically the settings starting with DUO_.