Skip to main content

Authentication Methods

Authentication methods control how users verify their identity when accessing Qalyptus Server. Proper authentication configuration ensures secure access while providing flexibility for different user types and organizational requirements.

Supported Authentication Methods

Qalyptus Authentication

  • Email and Password: Standard credential-based authentication
  • Local Management: Passwords managed within Qalyptus Server
  • Self-Service: Users can reset passwords via email

Windows Authentication

  • Domain Integration: Authenticate using Active Directory credentials
  • Automatic Mapping: Domain account linking to Qalyptus users
  • Network Authentication: Uses established Windows domain sessions

Identity Providers (SAML)

  • Single Sign-On: Enterprise authentication through SAML providers
  • External Identity: Authentication handled by external systems
  • Federated Login: Support for Azure AD, ADFS, Okta, and other SAML providers

Authentication Configuration

  • Navigate to Administration > System > Organizations
  • Select and edit the target organization
  • Go to the Authentication tab
  • Select one or more authentication types
  • Save configuration changes

Qalyptus Server System Authentication

Edition Differences
  • Business Edition: Global authentication settings apply to all users. Supports only "Qalyptus Authentication".
  • Enterprise Edition: Authentication methods configured per organization. Supports all authentication types.

Authentication Method Details

Qalyptus Authentication

  • Built-in Method: Available by default in all installations
  • Password Requirements: The user must create their password
  • Password Recovery: Email-based password reset functionality

Windows Authentication

  • Domain Membership: Qalyptus Server must be domain-joined or have domain trust
  • User Mapping: Domain accounts must be specified in Qalyptus user profiles
  • Network Connectivity: Reliable connection to domain controllers
  • Service Account: Qalyptus service must run under appropriate account

Identity Provider Authentication

  • Identity Provider: Configured identity provider (Azure AD, ADFS, Okta, etc.)
  • Metadata Exchange: SAML metadata from identity provider
  • Certificate Management: Valid signing certificates for SAML assertions
  • Attribute Mapping: User attributes mapped between systems
Authentication Strategy

Start with Qalyptus authentication for initial setup, then gradually integrate enterprise authentication methods based on organizational needs and security requirements.