Access to digital workplace platforms like CentricMinds is typically driven by a security repository, with Active Directory being the most common.
Uniquely, CentricMinds provides its own security management environment, which can either be integrated with Active Directory or operate as a standalone environment in which users are created and authenticated within CentricMinds itself.
Users, Groups and Roles security model
CentricMinds supports a Users, Groups and Roles security model. Users are also viewed as resources within CentricMinds and as such can be readily shared and used in the same manner as content. This provides unique and powerful ways of displaying content associated with staff within the Intranet. Users are classified based on their function, namely:
- Site Users (read-only access)
- Authors / Approvers (read & write access)
- Organisational Unit Managers
- Global Administrators
CentricMinds provides two key points of integration with an LDAP-compliant data source (e.g. Microsoft Active Directory):
- User Sync: A background task that connects to LDAP and synchronizes user information from LDAP into CentricMinds
- Authentication: When an individual user attempts to authenticate to CentricMinds, that authentication can be performed against LDAP
CentricMinds provides a flexible authentication model, which includes support for the following approaches:
- Traditional Authentication: CentricMinds provides ‘out of the box’ support for the internal storage of user accounts and their associated authentication. User information is stored within the CentricMinds database.
- LDAP Authentication: CentricMinds provides ‘out of the box’ support for authentication against an LDAP-compliant data source (e.g. Microsoft Active Directory). The data source remains the ‘source of truth’, and every authentication attempt via the CMS involves communication with, and verification against, the data source. User information (including security group and role associations) is synchronized from the data source and used by the CMS.
- Mixed Mode Authentication: A combination of Traditional and LDAP Authentication. The user is first tested against an LDAP-compliant data source (e.g. Microsoft Active Directory); if that LDAP authentication fails, an authentication attempt is then made against the CMS. This supports internal authentication of staff while also allowing external users (who do not have an LDAP account) to authenticate as needed, giving greater flexibility in supporting user authentication across varying target audiences.
- External Authentication: CentricMinds also provides the ability to perform authentication against external systems (via HTTPS requests) or external databases (via direct data querying).
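As an added illustration of the Traditional, LDAP and Mixed Mode orderings described above (this is example code, not CentricMinds' own implementation), the following uses a constructed in-memory stand-in for the LDAP directory and a constructed local account store with PBKDF2-hashed passwords; the user names, passwords and the `authenticate` function are assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for an LDAP directory (e.g. Active Directory) holding staff accounts.
# A real deployment would bind to the directory server; this dict is illustration only.
LDAP_DIRECTORY = {"alice": "Staff-Passw0rd!"}  # constructed sample data


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


# Constructed local CMS store: username -> (salt, PBKDF2 digest). "bob" is an external
# user with no LDAP account, so he can only authenticate against the CMS database.
_BOB_SALT = os.urandom(16)
LOCAL_ACCOUNTS = {"bob": (_BOB_SALT, _pbkdf2("External-Passw0rd!", _BOB_SALT))}


def ldap_bind(username: str, password: str) -> bool:
    """Stand-in for an LDAP bind: succeeds only if the account exists and the password matches."""
    expected = LDAP_DIRECTORY.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


def local_auth(username: str, password: str) -> bool:
    """Traditional authentication against the CMS's own account store."""
    record = LOCAL_ACCOUNTS.get(username)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(_pbkdf2(password, salt), digest)


def authenticate(username: str, password: str, mode: str) -> Optional[str]:
    """Return which store authenticated the user ("ldap" or "cms"), or None on failure."""
    if mode == "traditional":
        return "cms" if local_auth(username, password) else None
    if mode == "ldap":
        return "ldap" if ldap_bind(username, password) else None
    if mode == "mixed":
        # LDAP is tried first; the CMS store is consulted only if that attempt fails.
        if ldap_bind(username, password):
            return "ldap"
        return "cms" if local_auth(username, password) else None
    raise ValueError(f"unknown authentication mode: {mode}")
```

Because mixed mode falls through to the CMS store whenever the LDAP attempt fails, an account present in both stores can be authenticated by either credential, which is worth keeping in mind when local CMS accounts are provisioned for staff who also have LDAP accounts.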
Single Sign On
CentricMinds provides support for single sign-on (SSO). SSO is an approach to access control across multiple related but independent software systems: a user logs in once and gains access to all of those systems without being prompted to log in again at each of them.
- SSO Basic: The CMS supports a basic approach to SSO that uses the browser’s ability (via NTLMv1 or NTLMv2) to retrieve the username of the user currently logged into Windows (i.e. within a domain). When the site is accessed, the user is silently logged into the CMS via their Windows user account.
- SSO Advanced: The CMS supports an advanced approach to SSO (which works with all browsers) that makes use of Microsoft Active Directory Federation Services (ADFS). When the Intranet is accessed, a secure ADFS token is checked for authentication information. If one exists, the user is silently logged into the CMS; if one does not exist, the user is directed to log in via ADFS and is then passed back to the CMS accordingly.