User authentication and authorization methods

Last updated

12:21, 17 Apr 2017
Save as PDF
Share
1. Share
2. Share
3. Tweet

Applies to:

Code42 CrashPlan (previously CrashPlan PROe)

Overview

The Code42 platform supports several methods for user authentication and authorization. Authorization in the Code42 environment also includes user management. This article defines authentication and authorization, and explains which methods of authentication and authorization work together.

Authentication and authorization

The Code42 platform separates the concepts of user authentication and authorization, allowing administrators great flexibility in creating an environment that is highly customized to the needs of their organization in terms of security, scalability, employee productivity, and user management.

Authentication

Authentication refers to the process of identifying and verifying users. In the Code42 platform, this occurs when:

Users sign in to the CrashPlan app or administration console
Users are registered for the first time

Authentication can be done using the following methods:

Local Code42 platform directory
LDAP
Single Sign-On (SSO)
RADIUS

Authorization and user management

Authorization refers to the process of determining what roles and permissions a user is entitled to.

In the Code42 platform, authorization includes user management. User management allows the master server to automatically activate and deactivate users, move users into organizations, and assign roles to users.

In the administration console, authorization is referred to as the directory service.

Authorization can be done using the following methods:

Local Code42 platform directory
LDAP

Comparison of authentication and authorization methods

Each method of authentication and authorization has advantages for different situations. This list is not exhaustive, but gives a few of the highlights of each method.

Method	Capability	Advantages	Disadvantages	Scalability
Local	Authentication and/or authorization	Default method No extra setup User database backed up by Code42 environment daily backup with optional remote backup	No automated user management Not integrated into centralized directory service or SSO provider	Medium Can upload multiple users in a text file
LDAP	Authentication and/or authorization	User management Integrated user directory service	Complexity Requires third-party product or service	High
SSO	Authentication only	User can sign in once and access all IT services Centralized Convenience	Requires third-party product or service Complexity	High
RADIUS	Authentication only	Centralized Two-factor authentication Auditing	Requires third-party product or service	High

Considerations

For some combinations of authentication and authorization/user-management, you must take further steps. See the relevant articles by clicking the links in the compatibility table below.

Compatibility table

This table explains which methods of authentication and authorization are compatible. To find out if a particular combination of authentication and authorization methods is compatible, simply choose the desired authentication method and the desired authorization method, and then find the cell where the two intersect.

Authentication Method	Authorization Method
Authentication Method	Local	LDAP
Local	Yes	No
LDAP	No	Yes
SSO	Yes	Yes
RADIUS	Yes	Yes