The Enterprise File Fabric™ has a very good internal authentication system. It uses a strong one-way hash function, salts the passwords before it hashes them, and stores the hash values rather than the passwords. If the File Fabric were the only asset for which an enterprise required access control, then there would be no need for additional authentication options.
Authentication System Choices
In the real world, enterprises often have scores or hundreds (sometimes thousands!) of systems to which they must provide secure access. Because managing access to each system separately would be inefficient and error-prone, almost every enterprise has a strategic authentication solution that is its first choice for controlling access to every application. These strategic authentication solutions are often instances of Active Directory, but a variety of other authentication solutions are also widely used. The File Fabric provides out-of-the-box support for authentication with:
- Active Directory
- Other LDAP-accessible directory services such as OpenLDAP
- SAML-based authentication systems such as Okta, ADFS, G Suite SAML, Duo Access Gateway
- OpenID-based authentication systems via Keycloak
in addition to its own secure internal authentication system.
Using More than One Authentication System
Ideally an enterprise would have only one strategic authentication solution but, for a variety of reasons, some enterprises may find themselves using two or more authentication systems. The File Fabric supports this scenario by allowing several external authentication systems to be configured. Each user is assigned to one of the authentication systems, and that authentication system is used to authenticate the user for login.
Working With TOTP
Many organisations have added time-based one-time passwords (TOTP) to their authentication processes to augment the security provided by conventional passwords. The File Fabric provides robust support for TOTP, allowing one-time passwords to be used in conjunction with all of the supported authentication options. One-time passwords are delivered by email or through a mobile application.
Although this post focusses on the authentication options provided by the Enterprise File Fabric®, security professionals will also be interested in knowing how the File Fabric manages authorization, both for controlling access to File Fabric functionality and for controlling access to the storage that is connected to the File Fabric. That will be the topic of a future blog post. In the meantime, if you want to learn more about authentication, authorization or any of the File Fabric’s many robust security features, please contact email@example.com.