Core Concepts and Terminology

  • Users
    - Entities that have the ability to log into the application. The users have profiles which can include name, username, password, email, address, phone number, and birthday. Users can belong to groups and can have specific roles assigned to them.
  • Authentication
    - The process of identifying and validating a user.
  • Authorization
    - The process of granting the user access to the system.
  • Credentials
    - Data that Analytics Security Provider uses to verify the identity of a user. Examples include passwords, OTP, digital certificates or fingerprints. Not all of these will be available in the application.
  • Roles
    - Used to categorize different types of users. For example, Admin and User are typical roles that may exist within a company. Access permissions are granted to roles rather than to each specific user, because assigning access privileges on a user-by-user basis can become hard to manage within large companies or factories.
  • User Role Mapping
    - Defines the mapping between a Role and a User. A User can be associated with multiple roles or no roles. Role mapping information can be stored in tokens so that applications can decide access permissions on various resources they manage.
  • Groups
    - Made up of users. Attributes can be defined for a group, and roles can also be assigned to groups. Users that are part of the group inherit the attributes and roles that are assigned to the group.
  • Realms
    - Manage a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users within that particular realm.
  • Clients
    - Applications that want to use Analytics Security Provider for security and to provide a single sign-on solution. For example: DataFlowML or DataView. Clients can ask the Analytics Security Provider to authenticate a user. Analytics Security Provider requests identity information or an access token so that it can securely allow third parties to access the applications.
  • Identity Token
    - A token that provides identity information about the user. This is part of the OpenID Connect specification.
  • Session
    - Once a user logs in, a session is created to manage the login session. The session contains information such as when the user logged in and which applications have participated in single sign-on during that session. Both Admins and users can view session information.
    NOTE:
    The default timeout of a session is 30 minutes.
  • User Federation Provider
    - The Analytics Security Provider can store and manage users. Most of the time, companies already utilize LDAP or Active Directory services that store user and credential information. You can point the Analytics Security Provider to validate credentials from those external stores and pull in identity information.
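
The Roles, User Role Mapping, Groups and Realms entries above, worked through in Python as an added example (not code from Analytics Security Provider). The Realm class, the claim field names and the sample users are assumptions, and token signing and verification are left out.

```python
from dataclasses import dataclass, field


@dataclass
class Realm:
    """Hypothetical in-memory realm: users, groups and role mappings are local to it."""
    name: str
    user_roles: dict = field(default_factory=dict)   # username -> roles mapped directly
    group_roles: dict = field(default_factory=dict)  # group -> roles assigned to the group
    memberships: dict = field(default_factory=dict)  # username -> groups the user is in

    def effective_roles(self, username):
        """Direct role mappings plus roles inherited from every group of the user."""
        if username not in self.user_roles:
            # A realm can only manage and authenticate its own users.
            raise KeyError(f"{username!r} is not a user of realm {self.name!r}")
        roles = set(self.user_roles[username])
        for group in self.memberships.get(username, ()):
            roles |= self.group_roles.get(group, set())
        return roles

    def issue_claims(self, username):
        """Role mapping as a token could carry it (illustrative field names)."""
        return {"realm": self.name, "sub": username,
                "roles": sorted(self.effective_roles(username))}


def is_allowed(claims, expected_realm, required_role):
    """Client-side decision: accept only the expected realm, then check the role."""
    return (claims.get("realm") == expected_realm
            and required_role in claims.get("roles", []))


# Constructed sample data: alice has the User role directly and inherits Admin
# from a group; bob has no roles at all; carol is an Admin in a different realm.
factory = Realm(
    "factory",
    user_roles={"alice": {"User"}, "bob": set()},
    group_roles={"line-supervisors": {"Admin"}},
    memberships={"alice": {"line-supervisors"}},
)
lab = Realm("lab", user_roles={"carol": {"Admin"}})

if __name__ == "__main__":
    print(factory.issue_claims("alice"))
    print(is_allowed(lab.issue_claims("carol"), "factory", "Admin"))
```
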