Configure AM for authentication

AM provides the following features to authenticate users:

Authentication nodes and trees: AM provides a large variety of authentication nodes, and lets you develop custom nodes, based on your authentication requirements. You connect these nodes to create a tree that guides users through the authentication process.
Authentication modules and chains: AM provides a number of authentication modules to handle different methods of authenticating users. The modules can be chained together to provide multiple authentication mechanisms. A user’s credentials must be evaluated by one module before control passes to the next module in the chain.

Authentication nodes and trees are replacing authentication modules and chains. If your deployment uses modules and chains, you should consider moving to nodes and trees when possible.

The authentication process is extremely flexible, and can be adapted to suit your specific deployment. Although the number of choices can seem daunting, once you understand the basic process, you will be able to configure an authentication path to protect access to most applications in your organization.

Authentication is configured per realm. When a new realm is created, it inherits the authentication configuration of the parent realm. This can save time, especially if you are configuring several subrealms.

The following table summarizes the high-level tasks required to configure authentication in a realm:

Task	Resources
Configure the required authentication mechanisms You need to decide how your users are going to log in. For example, you may require your users to provide multiple credentials, or to log in using third-party identity providers, such as Facebook or Google.	Authentication nodes and trees Authentication modules and chains
Configure the realm defaults for authentication Authentication chains and trees use several defaults that are configured at realm level. Review and configure them to suit your environment.	Realm authentication configuration
Configure the success and failure URLs for the realm By default, AM redirects users to the UI after successful authentication. No failure URL is defined by default.	Success and failure redirection URLs
Configure an identity store in your realm. The identity store you configure in the realm should contain those users that would log in to the realm.	Identity stores

Task

Resources

Configure the required authentication mechanisms

You need to decide how your users are going to log in. For example, you may require your users to provide multiple credentials, or to log in using third-party identity providers, such as Facebook or Google.

Configure the realm defaults for authentication

Authentication chains and trees use several defaults that are configured at realm level. Review and configure them to suit your environment.

Realm authentication configuration

Configure the success and failure URLs for the realm

By default, AM redirects users to the UI after successful authentication. No failure URL is defined by default.

Success and failure redirection URLs

Configure an identity store in your realm.

The identity store you configure in the realm should contain those users that would log in to the realm.

Identity stores

AM 7.3.1

Configure AM for authentication