Document toolboxDocument toolbox

.Authentication Options v2.1.4.7

Owned by Pete Stapley (Deactivated)
Last updated: Nov 06, 2018
2 min read

Native Options

User Roles

PCR-360 manages security Permissions and privileges based on a User's Roles. Roles are defined dynamically in PCR-360 and are assigned sets of Permissions to determine which parts of the application are accessible to the User.

Contact Types

Automatic Role Mapping can be done using Contact Types. If configured correctly, when a User authenticates it reads the Contact Types and rebuilds the assigned Roles with any mapped Contact Types. For example the Coordinator Contact Type can be mapped to a Roles like "CustomerCenter".

PCR-360 Integration

When a User is authenticated for the first time, an internal PCR-360 User record and Contact are created (the Contact is only created if an existing Contact cannot be found based on Customer Number or Email). These records are maintained and updated each time the User logs in, enabling the authentication system to be the master for this data. While these records can be manipulated from within the system, any data changes in the released attributes will be overwritten on the next authentication.

PCR-360 manages security Permissions and privileges based on a User's Roles. Roles are defined dynamically in PCR-360 and are assigned sets of Permissions to determine which parts of the application are accessible to the User.  If the third party authentication system provides security group membership for each User, this membership can be mapped onto PCR-360 Roles.  This mapping allows you to manage the PCR-360 User Role membership from the third party authentication system. Alternatively, when a User logs in using a third party authentication system they can be assigned to the Guest or default Role to be changed later by the administrator.

Alternatively, automatic Role Mapping can be done using Contact Types. If configured correctly, when a User authenticates it reads the Contact Types and rebuilds the assigned Roles with any mapped Contact Types. For example the Coordinator Contact Type can be mapped to a Roles like "CustomerCenter".

Third Party Interfaces

PCR-360 offers several authentication options including third party systems: Shibboleth, LDAP (Active Directory or OpenLDAP), Common Access Card (CAC). The third party options operate on similar principles and they all require certain attributes be released from the authentication system:

  • Unique identifier (used as the internal PCR-360 username which could be an email address, user id, or some other unique identifier)
  • Display Name
  • First Name
  • Last Name
  • E-mail
  • Customer Number (aka Account ID or University ID)
  • Phone Number (optional)
  • Group/Role Membership (optional)

If the third party authentication system provides security group membership for each User, this membership can be mapped onto PCR-360 Roles.  This mapping allows you to manage the PCR-360 User Role membership from the third party authentication system. Alternatively, when a User logs in using a third party authentication system they can be assigned to the Guest or default Role to be changed later by the administrator.

Shibboleth

See our Shibboleth Installation Guide for more details for setting up PCR-360 for use with Shibboleth authentication.

Active Directory (LDAP)

See our 2020-12-07_21-29-33_Active Directory Installation Guide for more details for setting up PCR-360 for use with Active Directory authentication.

Common Access Card (CAC)

See our Common Access Card Installation Guide for more details for setting up PCR-360 for use with Common Access Card authentication.

Help Desk Portal - Email: help@pcr.com - Phone: 616.259.9242