User-facing authentication mechanism for applications

User-facing authentication defines how users authenticate to an application.

Enterprise Application Access (EAA) offers the following authentication options:

  • Form. Users enter their username and password through the EAA Login Portal page. This is the default authentication option and it can be combined with multi-factor authentication (MFA). Additionally, cookies are used to maintain the user's login state.

  • Basic. Users are prompted to enter their username and password in a browser dialog. Unlike the Form option, Basic does not support multi-factor authentication and does not use cookies to maintain the user's login state.

  • Basic+Cookie. Like the Basic option, this option prompts users to enter their username and password in a browser dialog. The Basic+Cookie option, however, uses cookies to maintain the user's login state.

  • Certificate Only. This option is available when certificate-based authentication is enabled. With this option, no login credentials are required. Users are authenticated with the certificate that is stored on their machine or device.

Select one of these options in the User-facing Authentication Mechanism setting in the Advanced Settings of an application configuration. These authentication mechanisms apply only if the application is assigned to an identity provider (IdP) with an Active Directory (AD), Lightweight Directory Access Protocol (LDAP), or Active Directory Lightweight Directory Services (AD LDS) directory.

Configure the user-facing authentication mechanism

To define how a user authenticates to an application, you must configure an application with one of the following directories:

  • Active Directory (AD)
  • Lightweight Directory Access Protocol (LDAP)
  • Active Directory Lightweight Directory Services (AD LDS)

If certificate authentication is enabled, you can also select Certificate Only as the user-facing authentication mechanism. For more information, see Certificate-based authentication in the IdP.

  1. If you are creating a new application, see Add an application to EAA. If you are modifying an existing application, continue to step 2.

  2. Log in to the Enterprise Center.

  3. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

  4. Select the application to open it.

  5. In Settings > Authentication, if there is no identity provider assigned, assign an identity provider:

    1. Click Assign Identity Provider and select an identity provider from the list.

    2. Click Save & go to Services.

  6. In Advanced > Authentication > User-facing Authentication Mechanism, select one of the following:

    • form
    • basic
    • basic+cookie
    • certificate only

  7. Click Save & Exit.

  8. Deploy the application.