The login page is not the only way to authenticate a user against the platform. Some other protocols can be used, sometimes requiring to install an additional module:
- Basic authentication (built-in)
- Token (proprietary) (built-in)
- oAuth (built-in)
- SAML (addon)
- 2 Steps (with SMS for instance) (Addon)
- Trusted (for instance requests coming from that particular IP address do not need to validate authentication) (built-in)
- Open ID (addon)
- Kerberos (built-in)
- CAS (built-in)
- NTLM (built-in)
- Redirecting to a remote identity management solution then having the user fall back authenticated to theplatform (SSO servers, Open Id, Portals, ...) (built-in or plugin, depending on the case)
Thanks to the pluggability of the authentication layer (see the Implementation section), it is easy to write a custom authentication protocol when necessary.
Default configuration checks identity against a Java implementation inside Athento ECM. By configuration and addition of some modules, and following the above list of supported protocols, the platform can be integrated with various identity providers:
- LDAP server
- Active Directory server
- Open ID compatible web platforms: Google, Twitter, Facebook, GitHub, ...
- SAML compatible identity Management solutions, on premise or SAAS, such as One Login, ClearTrust, ...
- Kerberos compatible identity providers
- Shibboleth Servers (Federated identity management)
- SSO Servers (ex: CAS Server, Site Minder)
Nuxeo provides Two-Factor authentication using DuoWeb, though other solutions may be integrated, detailed info at https://doc.nuxeo.com/nxdoc/nuxeo-duoweb-two-factor-authentication/
Regarding VPN connection, our services use the usual protocols http and https, so as long as network setup allows it, our services will be available via internet or VPN.