Authentication and Authorization

Out of the box, Keyfactor Command is configured to support Windows integrated authentication, so users on domain-joined computers who use domain accounts and browsers configured to support integrated authentication do not need to provide a username or password to authenticate to the Management Portal or Keyfactor API endpoints. Keyfactor Command can be configured to support only basic authentication, which requires entry of a username and password to authenticate to the Management Portal or Keyfactor API endpoints. This can be useful in environments where integrated authentication is not practical or desired, such as when users access the Management Portal using different accounts than they use to log on to their computers.

Keyfactor Command uses a system of security roles and security identities to provide access control to the Management Portal as a whole, to the features within it, and to the Keyfactor API. To access the Management Portal or Keyfactor API, your Active Directory account must meet one of two conditions. It must be a member of one of the Active Directory groups granted access to the Management Portal during the Keyfactor Command installation and configuration process (see the Administration Section of the Keyfactor Command Server Installation Guide), or it must have been granted access later, either directly or via group membership, through the Management Portal (see Security Overview) or with the Keyfactor API (see the Security Roles section of the Keyfactor Web APIs Reference Guide).