Authentication options comparison
There are multiple methods for authenticating and managing users in FileHold. The method you choose will depend on the services available in your infrastructure and may depend on your organizational security policy.
- FileHold authentication,
- Active Directory (AD) authentication,
- External identity provider (IdP) authentication, and
- Duo multifactor authentication*.
Existing customers with the Active Directory Synchronization option can add the IdP option for a reduced price and use both options during a transition. Contact [email protected] for a quotation.
Authentication feature | FileHold | Active Directory | External Identity Provider |
---|---|---|---|
FileHold Cloud friendly | ✔ | ✘(1) | ✔ |
Single sign on option | ✘ | ✘(2) | ✔ |
Single sign on works with cross-platform multi-vendor application environments | ✘ | ✘ | ✔(3) |
Multi-factor authentication option | ✔(4) | ✔(4) | ✔(5) |
Multi-factor hardware key option | ✔(4) | ✔(4) | ✔(5) |
User self-registration | ✔ | ✘ | ✔ |
Automatic license activation / deactivation | ✘ | ✔ | ✘ |
Automatic contact details updates | ✘ | ✔ | ✘ |
Automatic group assignments | ✘ | ✔ | ✔(6) |
Secure data transfer | ✔ | ✔(7) | ✔ |
Firewall friendly | ✔ | ✔(2) | ✔ |
1. Requires a VPN tunnel between FileHold Cloud and on-premise domain controller.
2. Single sign on with Active Directory requires the Kerberos protocol which typically is not used outside of a LAN. In most cases this will effectively make single sign on unusable outside of an on-premise solution.
3. Where identity is managed in the same way. Authentication with an external identity provider uses the OAuth2/OIDC protocols. See system requirements for supported identity providers.
4. Requires Duo Multi-factor Authentication or FileHold version 17.1 or higher. Duo is a deprecated product feature and no longer available for new sales.
5. Requires support and configuration at external identity provider.
6. Groups can be added automatically, but are not removed automatically.
7. Changes to users are synchronized using the LDAP protocol which communicates between the FileHold server and domain controller in plain text.
* The direct Duo multi-factor option was deprecated in January 2024. Note that Duo can still be used via an external identity provider.