Table of Contents

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Security Domain

Security Domain

A security domain is a collection of user accounts and groups in the Informatica domain.
The Informatica domain can have the following types of security domains:
Native Security Domain
The Native security domain contains the users and groups created and managed in the Administrator tool. Informatica stores all credentials for user accounts in the Native security domain in the domain configuration repository. By default, the Native security domain is created during installation. After installation, you cannot create additional Native security domains or delete the Native security domain.
If the Informatica domain uses Kerberos authentication, the domain does not use the Native security domain.
LDAP Security Domain
An LDAP security domain contains users and groups imported from an LDAP directory service. If the Informatica domain uses LDAP or Kerberos authentication, you can create an LDAP security domain and add users and groups that you import from the LDAP directory service.
When you install Informatica services and create a domain that uses native or LDAP authentication, the installer creates the Native security domain but does not create an LDAP security domain. You can create LDAP security domains after installation.
When you install Informatica services and create a domain that uses Kerberos authentication, the installer creates the following LDAP security domains:
  • Internal security domain. The installer creates an LDAP security domain with the name _infaInternalNamespace. The _infaInternalNamespace security domain contains the default administrator user account that you create during installation. After installation, you cannot add users to the _infaInternalNamespace security domain or delete the security domain.
  • User realm security domain. The installer creates an empty LDAP security domain gives it the same name as the Kerberos user realm you specify during installation. After installation, you can import users from the Kerberos principal database into the user realm security domain. You cannot delete the user realm security domain.
    When you run command line programs in a domain that uses Kerberos authentication, the security domain option defaults to the user realm security domain created during installation.
You create and manage LDAP security domains the same way, whether the Informatica domain uses LDAP authentication or Kerberos authentication.

Updated July 24, 2019


Explore Informatica Network