User authentication solutions

The following article describes the authentication methods the Q-net V7 system provides and utilizes. The method of authentication and authorization in the Q-net V7 system can be configured on the administrative user interface, under the External systems menu, on the Authentication tab.

Simple form authentication

The simplest form of authentication, the credentials are stored locally by the application, in its database.

LDAP form authentication

The application server turns to the Windows AD authenticating server (usually the domain controller) to verify the credentials. This feature includes automatic, scheduled synchronization (review the configuration parameters here), which copies the new users of the respective organizational unit\group into the application.

With the role mapping configured, it can be utilized to automatically assign certain roles to the users which are synchronized from a certain group. You can review the role mapping configuration by clicking here.

Single sign-on (SSO)

Windows NTLM SSO

If the workstation of the part of the domain, the Windows NTLM method works with the LDAP, however if the workstation is not the part of a domain, the browser will ask for credentials, therefore it is not recommended to use without having the workstation added to a domain.

OAuth SSO

This service is related to an external identity provider (Keycloak, Zitadel, EntraID, etc.) when the client's infrastructure is not based on Windows AD hosted on-premise. In this case, there is no user synchronization, so either the users have to administered manually or if the user registration option is enabled, the system will create a user entry at the first login.