Authentication overview

Itential Platform supports multiple authentication methods to integrate with your existing identity infrastructure and meet your security requirements.

Only one authentication method can be active at a time. When one method is enabled, all others are disabled.

Authentication methods

Choose the authentication method that best fits your environment:

SAML SSO

Enterprise Single Sign-On with Azure EntraID, Okta, PingID, or AD FS

LDAP

Active Directory and OpenLDAP integration for centralized authentication

RADIUS

Network access authentication via RADIUS protocol

Local AAA

MongoDB-based authentication for development and testing

Secrets management integration

All authentication methods support integration with enterprise secrets management:

HashiCorp Vault:

Automatic password encryption
Centralized credential storage
Version control and audit trails
Credential rotation support

CyberArk CCP:

Enterprise credential provider integration
Read-only access to existing vaults
Compliance and audit capabilities
Integration with existing CyberArk infrastructure

See Secrets management for configuration details.

Get started

Configure SAML SSO

Set up enterprise Single Sign-On

Configure LDAP

Integrate with Active Directory or OpenLDAP

Configure RADIUS

Set up RADIUS authentication

Configure Local AAA

Set up local authentication for development

Rotate passwords

Safely update authentication credentials

Additional resources

Manage users - Create and manage user accounts
Manage groups - Configure group-based access control
User permissions - Define and assign permissions
Secrets management - Secure credential storage