Authentication comprises the following three factors:
Something that you know, such as a password, a PIN, or security questions.
Something that you have, such as a smart card, a token, or a mobile phone.
Something that you are, such as biometrics (fingerprint or iris).
By default, Sentinel uses single-factor authentication (SFA), which matches a password (“something that you know”) to a user name in the database. Sentinel Administrators can configure different types of strong and multi-factor techniques for all its users.
In addition to the default SFA authentication, Sentinel supports the following types of authentication:
LDAP Authentication: Allows users to log in to Sentinel with their LDAP directory credentials. For more information, see LDAP Authentication Against a Single LDAP Server Or Domain and LDAP Authentication Against Multiple LDAP Servers Or Domains.
Kerberos Authentication: Uses secret-key cryptography to provide strong authentication. For more information, see Kerberos Authentication.
Multi-factor Authentication (MFA): A more advanced method of authentication that uses a combination of at least two factors. For example, a combination of a password and a token or a smart card and a fingerprint. For more information, see Multi-factor Authentication.
OAuth Authentication: Allows users to log in to Sentinel using providers such as Google or Facebook. For more information, see OAuth Authentication.
An administrator can switch to a different authentication method at any time. Once the administrator enables an authentication method, Sentinel requires all users to use the authentication process associated with the selected authentication method.
NOTE:Only Sentinel administrators can configure or enable authentication methods.