Configuring AM for Authentication

AM provides the following features to authenticate users:

  • Authentication Nodes and Trees. AM provides a number of authentication nodes to handle different modes of authenticating users. The nodes must be connected together in a tree to provide multiple authentication paths to users.

  • Authentication Modules and Chains. AM provides a number of authentication modules to handle different modes of authenticating users. The modules can also be chained together to provide multiple authentication mechanisms, so that a user's or entity's credentials must be evaluated by one module before control passes to another module.

Important

Authentication nodes and trees are replacing authentication modules and chains. We recommend that you implement nodes and trees when possible.

AM leaves the authentication process flexible so that you can adapt how it works to your situation. Although the number of choices can seem daunting, once you understand the basic process you will see how AM allows you to protect access to a wide range of applications used in your organization.

Authentication happens at realm level in AM. Each realm has its own authentication configuration that is copied from the parent realm at creation time, which may save you some time if you are configuring subrealms.

The following table summarizes the high-level tasks required to configure authentication in a realm:

Task | Resources

Configure the Required Authentication Trees or Chains

You need to decide how your users are going to log in. For example, you may require your users to provide multiple credentials, or to log in using third-party identity providers, such as Facebook or Google.

Configure the Realm Defaults for Authentication

Authentication chains and trees use several defaults that are configured at realm level. Review and configure them to suit your environment.

Deactivate the Anonymous User

The anonymous user is enabled by default. To harden security, deactivate the anonymous user, unless anonymous access is specifically required in your deployment.

Configure the Success and Failure URLs for the Realm

By default, AM redirects users to the UI after successful authentication. No failure URL is defined by default.

Configure an Identity Store in Your Realm

The identity store you configure in the realm should contain the users who will log in to the realm.
