Supported Authentication Tools
Zoomdata supports several approaches to authenticating users. Your organization must choose the best approach given your existing constraints and objectives.
Zoomdata provides basic login access to the Zoomdata application. See Authorizing Zoomdata Access.
- X.509 client certificate authentication can be used for client certificate authentication. However, note that auto-provisioning of user accounts is not available. See Configuring Client Certificate Authentication.
SAML (Security Assertion Markup Language) can be used to provide single sign-on capabilities. See Configuring Zoomdata to Support SAML.
Kerberos can be used to provide single sign-on capabilities. See Configuring Kerberos Single Sign-On (SSO) Settings.
The OAuth 2.0 protocol as well as the OAuth 2.0 Implicit Flow can be used for authentication and authorization. See Using OAuth 2.0 to Access Zoomdata.
LDAP (Lightweight Directory Access Protocol) can be used to enable directory-based access to Zoomdata. Zoomdata can connect to an organization’s Active Directory (AD) and OpenLDAP directory services using configured LDAP settings. See Using Lightweight Directory Access Protocol (LDAP) With Zoomdata.
Zoomdata supervisors can enable or disable Zoomdata's authentication services as required. The available services are listed on the Security Services tab:
Log into Zoomdata as a supervisor.
Click to access the Supervisor menu and then select Security.
The Security page appears. It consists of four tabs: Security Services, SAML Settings, LDAP Settings, and Kerberos Settings. The Security Services tab is selected. Note that the SAML Settings, LDAP Settings, and Kerberos Settings tabs are accessible only when the corresponding service is enabled on the Security Services tab.
Settings for x.509, Kerberos SSO, and OAuth authentication are handled using the
Enabling or disabling any of these security services requires a restart of the Zoomdata service. Basically, any time you toggle a security feature, the Zoomdata service needs to be restarted before the change takes effect. The following toggle status may appear for each of the authentication services: Started, Stopped, Will start or stop on next restart. See Enabling or Disabling a Security Service.
When working with security authentication services, bear in mind that you cannot use them all at the same time. If you toggle a particular security service on, others will become disabled. If you want to use a security service that is disabled, you must toggle the running services off and then start the service you want. The following table describes the compatibility of the security services.
|Security Service||Can Be Used With|
|LDAP||Kerberos, x509, OAuth|
|OAuth||SAML, LDAP, Kerberos, x509|