Configuring authentication in a directory service

SoftExpert Suite provides three forms of authentication in a directory service: NTLMv2, LDAP, and SAML 2.0.

The authentication modes that use the directory service can be classified into two groups:

1. With username and password (NTLM and LDAP): These authentication modes are recommended for cases in which the authentication server and SoftExpert Suite are within the same domain, without the need for external authentication. LDAP offers simpler but less secure communication compared to NTLMv2 and SAML 2.0. Using these options is not recommended if SoftExpert Suite is running in an environment external to the authentication server, such as a cloud server.

2. Using network credentials (SAML): Single sign-on unifies credentials on the authentication server and makes authentication more secure and convenient for users synchronized with the directory service. However, this type of authentication requires a pre-configured infrastructure. SoftExpert Suite supports the SAML 2.0 protocol, which is recommended when the SoftExpert Suite server is running outside the authentication server domain, such as in cases in which the system is hosted on a cloud server, or when there is a need to use a federated identity.

caution

⚠️ Attention:

• You can use both groups together, by selecting only one option from each. Furthermore, the "Internal" authentication mode does not use the credentials maintained by the directory service, only the password defined when the user was registered directly in SoftExpert Suite.