Hybrid Data Pipeline supports internal and external authentication services. When using the default internal authentication service, the end user authenticates directly with Hybrid Data Pipeline by passing the username and password for his or her Hybrid Data Pipeline user account. Alternatively, one or more end users can be associated with a Hybrid Data Pipeline user account through an external authentication service. In this case, end users pass credentials managed by the external service. Any end user who authenticates via an external service is in effect a proxy for the associated Hybrid Data Pipeline account, and inherits the permissions and administrative access given to the user account.
Administrators use the Authentication API to register external authentication services. An external authentication service can be registered with multiple tenants in the system. However, the service must be registered separately for each tenant. Once a service is registered with a tenant, the tenant administrator can provision end users in the tenant to authenticate via the service. A user with the Administrator (12) permission can register an external authentication service on any tenant within the system. A user with the RegisterExternalAuthService (26) permission can register an external authentication service on any tenant for which he or she has administrative access.
For detailed instructions on setting up external authentication services, see Authentication.
The following table summarizes operations that can be carried out with the Authentication API.
