Security Guide

Authentication

The Service Manager authenticates the services that run in the domain and the users who log in to the CDI-PC Client tools.
You can configure the CDI-PC domain to use the following types of authentication:

Native Authentication
Native authentication is a mode of authentication available only for user accounts in the CDI-PC domain. When the CDI-PC domain uses native authentication, the Service Manager stores user credentials and privileges in the domain configuration repository and performs all user authentication within the CDI-PC domain.
If the CDI-PC domain uses native authentication, by default, the domain has a native security domain and all user accounts belong to the native security domain.
Informatica uses user names and passwords to authenticate users and services in the CDI-PC domain.

Lightweight Directory Access Protocol (LDAP) Authentication
LDAP is a software protocol for accessing users and resources on a network. If the CDI-PC domain uses LDAP authentication, the user accounts and credentials are stored in the LDAP directory service. The user privileges and permissions are stored in the domain configuration repository. You must periodically synchronize the user accounts in the domain configuration repository with the user accounts in the LDAP directory service.
Informatica uses user names and passwords to authenticate Informatica users and services in the CDI-PC domain.

Kerberos Authentication
Kerberos is a network authentication protocol that uses tickets to authenticate users and services in a network. When the CDI-PC domain uses Kerberos authentication, the user accounts and credentials are stored in the Kerberos principal database, which can be an LDAP directory service. The user privileges and permissions are stored in the domain configuration repository. You must periodically synchronize the user accounts in the domain configuration repository with the user accounts in the Kerberos principal database.
Informatica uses the Kerberos tickets to authenticate Informatica users and services in the CDI-PC domain.

SAML-based Single Sign-on
Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization information between a service provider and an identity provider. You can configure SAML-based single sign-on for the Administrator tool, the Analyst tool, and the Monitoring tool web applications.
In the CDI-PC domain, the Informatica web application is the service provider, and Microsoft Active Directory Federation Services (AD FS) is the identity provider. The accounts and credentials for Informatica web application users are stored in Microsoft Active Directory. You import accounts from Active Directory into a security domain within the CDI-PC domain. You must periodically synchronize the user accounts in the security domain with the user accounts in the Active Directory directory service.
You cannot enable SAML-based single sign-on in a CDI-PC domain configured to use Kerberos authentication.
