Set Up User Accounts

An Administrator account is automatically created when Sintelix is installed.

The Administrator can then set up additional user accounts using any of the following methods for identity and access management (IAM):

• Sintelix User Database - Via the built-in user database that is managed by Sintelix Administrators, and where log in is based on a user name and password.
  See Manage Sintelix Users.

• LDAP Lightweight Directory Access Protocol, where users are authenticated against a pre-configured LDAP server (using a user name and password).
  See Configure LDAP Server User Authentication.

• Active Directory, where users are authenticated against a pre-configured Active Directory server (using a user name and password).
  See Configure Active Directory Server User Authentication.

• Windows domain single sign-on authentication (NTLM), where a user’s web browser negotiates the authentication based on the user currently logged in to the Windows PC.
  See Configure Single Sign-on Authentication on Windows.

• PKI Public Key Infrastructure (X.509) authentication, where a user is authenticated by having a recognised security certificate installed in their web browser.
  See Configure PKI Browser Certificate Authentication.

• OAuth (2.0) for Azure allows users to log in using their Microsoft credentials.
  See Configure OAuth Authentication for Microsoft Azure.

Each of these methods support additional attributes that decide on the data access of each user. Some, like PKI, are quite limited in the attributes they can provide, but an administrator can always override all access attributes.

If external user repositories are configured, any log in attempt by a user is first checked against the internal Sintelix user list. If the user is not found, all configured external databases are checked, in the same order as their configuration, until one confirms or rejects a user's password.

The user's role is configured by the 'role' attribute. The role define the user's access to Collections, Networks and Configurations. See Roles and Access Levels.

If the role attribute is missing, the user is assigned the Configurer role (for backward compatibility).