For users to access the Web UI’s, submit print jobs or release using the embedded terminals, mobile Apps or similar, users must be authenticated. In the Authentication Providers configure how a vendor’s or customer’s users are authenticated.

SAFEQ Cloud server supports three main authentication types:

  • Local user authentication
  • Authentication to external directory based on service account
  • Authentication to external directory performed on the client side (client-based authentication)

Local user authentication

This is the simplest authentication type where the users are created and managed manually in the SAFEQ Cloud server, under the built-in “Local authentication provider”. By default there are few users predefined for each created account, including the admin user.

It is recommended to keep the local admin user as a fallback login in the case when other authentication methods don’t work anymore, for example due to the network issues or a service disruption on the external provider side.

Authentication based on service account

This type of authentication requires to create a service account on the external identity platform which has permissions to search and retrieve users. SAFEQ Cloud supports the following identity platforms for service accounts: Microsoft Azure, LDAP (including Active Directory), Okta.

Service account details (username and password) should be entered in the authentication provider settings. Users can authenticate against SAFEQ Cloud server using all available login types: password, card ID, short ID.

The limitation is that the multi-factor authentication (MFA) is not supported for Microsoft Azure or LDAP when using service accounts.

Client-side authentication

This type of authentication requires SAFEQ Cloud PC client software which uses interactive browser-based authentication provided by the identity platform. It is not necessary to define service accounts and the MFA is fully supported.

The limitation with this authentication type is that it is not possible to login using username and password from the embedded terminal. Only card ID and short ID login is supported. It is possible, however, to login using one-time passwords, for example for card registration. OTPs can be generated manually in the web UI or automatically by the triggers. See section One-time passwords for more information.

The authenticated user has a limited validity time which is defined by the identity platform and the token expiration, typically one hour. SAFEQ Cloud client will automatically renew the token as long as it stays online.

Authentication configuration

There are presently 5 available authentication provider types:

Local Local authentication provider, will authenticate users against the internal users database in SAFEQ Cloud
LDAP LDAP authentication provider enables authentication using LDAP/LDAPS against Active Directory, Novell eDirectory and IBM Domino
Azure AD Azure AD authentication enables authentication against Azure Active Directory. How to configure Azure AD authentications
OKTA OKTA authentication enables integration with OKTA authentication service. How to configure OKTA authentications
Client Client authentication is a special authentication type which is performed by SAFEQ Cloud PC client on the client side. How to configure client authentications
External SAFEQ Cloud supports external authentication provider where external authentication service such as External Card Repository is used to identify user from different authentication provider

New vendor or customer accounts always get the Local Authentication Provider added by default, and cannot be removed.

There is no limit to the number of authentication providers which can be added, for multiple domains etc.
Every provider has its priority number that can be changed (higher number means higher priority) and is used for every logical operation where the order of providers matters.

See additional instructions for configuring specific authentication providers:


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment