Security Guide

Authentication

The Service Manager authenticates the services that run in the domain and the users who log in to the Informatica client tools.
You can configure the Informatica domain to use the following types of authentication:
Native Authentication
Native authentication is a mode of authentication available only for user accounts in the Informatica domain. When the Informatica domain uses native authentication, the Service Manager stores user credentials and privileges in the domain configuration repository and performs all user authentication within the Informatica domain.
If the Informatica domain uses native authentication, by default, the domain has a Native security domain and all user accounts belong to the Native security domain.
Informatica uses user names and passwords to authenticate users and services in the Informatica domain.
Lightweight Directory Access Protocol (LDAP) Authentication
LDAP is a software protocol for accessing users and resources on a network. If the Informatica domain uses LDAP authentication, the user accounts and credentials are stored in the LDAP directory service. The user privileges and permissions are stored in the domain configuration repository. You must periodically synchronize the user accounts in the domain configuration repository with the user accounts in the LDAP directory service.
Informatica uses user names and passwords to authenticate Informatica users and services in the Informatica domain.
Kerberos Authentication
Kerberos is a network authentication protocol that uses tickets to authenticate users and services in a network. When the Informatica domain uses Kerberos authentication, the user accounts and credentials are stored in the Kerberos principal database, which can be an LDAP directory service. The user privileges and permissions are stored in the domain configuration repository. You must periodically synchronize the user accounts in the domain configuration repository with the user accounts in the Kerberos principal database.
Informatica uses Kerberos tickets to authenticate Informatica users and services in the Informatica domain.
SAML-based Single Sign-on
Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization information between a service provider and an identity provider. You can configure SAML-based single sign-on for the Administrator tool, the Analyst tool, and the Monitoring tool web applications.
In an Informatica domain, the Informatica web application is the service provider, and Microsoft Active Directory Federation Services (AD FS) is the identity provider. The accounts and credentials for Informatica web application users are stored in Microsoft Active Directory. You import accounts from Active Directory into a security domain within the Informatica domain. You must periodically synchronize the user accounts in the security domain with the user accounts in the Active Directory directory service.
Note that you cannot enable SAML-based single sign-on in an Informatica domain configured to use Kerberos authentication.


Updated October 10, 2019

