Authentication in Athento

The platform has a login system that requires a password and a valid user to access the information. Each user is uniquely identified by a user name.

By default the user is authenticated on the platform by filling in username and password on the login page. This information is compared with the information stored in the database or transmitted by the configured identity provider. If the username or password is invalid, a message is sent to the user. The passwords managed in the system are encrypted.

 Athento can also delegate authentication to:

• LDAP or DA
• Azure Active Directory
• Social authentication/registration with support for various authentication frameworks and providers such as Google.
• OAuth2 standard
• SAML2
• Keycloak

Athento manages user accounts, groups, permissions and user sessions based on cookies.
Athento's authentication system handles both authentication and authorization. Authentication verifies that a user is who they say they are, and authorization determines what an authenticated user can do. 

The authentication/authorization system consists of:

• Users
• Permissions: binary indicators (yes/no) that designate whether a user can perform a certain task. The concept of object-level permissions is also incorporated.
• Groups: a generic way to apply labels and permissions to more than one user.
• A configurable password hashing system
• Forms and viewing tools to log in users or restrict content.
• A front end for user management.