Authentication and Authorization

Keyfactor Command can be configured to use either Active Directory or another identity provider. If you choose Active Directory as the identity provider, Keyfactor Command is by default configured to support both Windows integrated authentication and Basic authentication. With Windows integrated authentication, users on domain-joined computers who use domain accounts and browsers configured to support integrated authentication can access the Keyfactor Command Management Portal without providing a username or password, assuming they have a valid Kerberos ticket. This applies to authentication to the Management Portal and to Keyfactor API endpoints (from the Keyfactor API Reference and Utility accessed in the same browser session). Keyfactor Command can also be configured to support only Basic authentication, which requires entry of a username and password to authenticate to the Management Portal or Keyfactor API endpoints. This can be useful in environments where integrated authentication is not practical or desired, such as when users access the Management Portal using different accounts than they use to log on to their computers.

When using an identity provider other than Active Directory, Keyfactor Command uses tokens for authentication and requires users to enter a username and password to authenticate to the Management Portal. To use the Keyfactor API, users need to acquire a token (see Authenticating to the Keyfactor API).

Keyfactor Command uses a system of security roles and claims to control access to the Management Portal as a whole, to the features within it, and to the Keyfactor API. To access the Management Portal or Keyfactor API, the account you use must either be a member of one of the groups granted access to the Management Portal during the Keyfactor Command installation and configuration process (see Administrative Users Tab), or have been granted access later, directly or via group membership, through the Management Portal (see Security Roles and Claims) or with the Keyfactor API (see Security Roles).