In this article, you will learn how Acreto integrates with Identity Providers (like Active Directory or Okta) to authenticate your users.
An Identity Provider is a service that verifies and stores user identity information. Some examples of Identity Providers are:
In addition to an Identity Provider, you might also want to configure a 2-Factor Authentication (2FA) provider.
Using a 2FA provider will require your users to provide more than one type of credential when authenticating; for example, a password (something users know) and a code displayed via mobile phone (something users own).
Integrating an Identity Provider will allow you to:
Acreto uses Identity Providers to deliver the following features for data plane users:
Acreto sends a request to the Identity Provider each time it needs to access user information. We store only some anonymized user identity data (for example, the GUID in Active Directory). We might also cache some user data in memory on a short-term basis.
Identity Providers are used only to authenticate an Ecosystem’s data plane users, or when connecting to an Ecosystem with OpenVPN or Acreto TLS-Client.