
User Authentication Overview

User authentication in the Informatica domain depends on the type of authentication that you configure when you install the Informatica services.
The Informatica domain can use the following types of authentication to authenticate users: native authentication and LDAP authentication.
Native user accounts are stored in the Informatica domain and can only be used within the Informatica domain. LDAP user accounts are stored in an LDAP directory service and are shared by applications within the enterprise.
You can select the type of authentication to use in the Informatica domain during installation. You can use native authentication and LDAP authentication together in the Informatica domain. The Service Manager authenticates the users based on the security domain. If a user belongs to the native security domain, the Service Manager authenticates the user in the domain configuration repository. If the user belongs to an LDAP security domain, the Service Manager passes the user name and password to the LDAP server for authentication.

Native User Authentication

If the Informatica domain uses native authentication, the Service Manager stores all user account information and performs all user authentication within the Informatica domain. When a user logs in, the Service Manager uses the native security domain to authenticate the user name and password.
The native security domain is created at installation and cannot be deleted. An Informatica domain can have only one native security domain. You create and maintain user accounts in the native security domain in the Administrator tool. The Service Manager stores details about the user accounts, including the user credentials and privileges, in the domain configuration repository.

LDAP User Authentication

You can configure the Informatica domain to allow users in an LDAP directory service to log in to Informatica client applications. The Informatica domain can use LDAP user authentication in addition to native user authentication.
To enable the Informatica domain to use LDAP user authentication, you must set up a connection to an LDAP server and specify the users and groups from the LDAP directory service that can have access to the Informatica domain. You can use the Administrator tool to set up the connection to the LDAP server.
When you synchronize the LDAP security domains with the LDAP directory service, the Service Manager imports the list of LDAP user accounts with access to the Informatica domain into the LDAP security domains. When you assign privileges and permissions to users in LDAP security domains, the Service Manager stores the information in the domain configuration repository. The Service Manager does not store the user credentials in the domain configuration repository.
When a user logs in, the Service Manager passes the user name and password to the LDAP server for authentication.
Note: The Service Manager requires that LDAP users log in to a client application with a password even though an LDAP directory service may allow a blank password for anonymous login mode.
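The login flow described above, as an added Python sketch that is not Informatica code: the security domain selects the authentication path, and a blank password is refused before any bind reaches a directory that would accept it. The class and method names, the domain names "Native" and "Corp_LDAP", the PBKDF2 storage format, and the in-memory fake directory are assumptions made for illustration.

```python
import hashlib, hmac, os

class FakeLdapServer:
    """Constructed stand-in for a directory that allows blank-password binds."""
    def __init__(self, entries):
        self._entries = entries                      # DN -> password (sample data)
    def simple_bind(self, dn, password):
        if password == "":
            return True                              # anonymous-style bind: no identity proven
        stored = self._entries.get(dn, "")
        return hmac.compare_digest(stored.encode(), password.encode())

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ServiceManagerSketch:
    NATIVE = "Native"                                # assumed name of the native security domain
    def __init__(self, ldap):
        self.ldap = ldap
        self.native_users = {}                       # user -> (salt, derived key), kept in the repository
        self.ldap_domains = {}                       # domain -> {user: DN}; no credentials stored
    def add_native_user(self, user, password):
        salt = os.urandom(16)
        self.native_users[user] = (salt, _derive(password, salt))
    def sync_ldap_domain(self, domain, accounts):
        self.ldap_domains[domain] = dict(accounts)   # imported account list only
    def login(self, domain, user, password):
        if domain == self.NATIVE:
            rec = self.native_users.get(user)
            return rec is not None and hmac.compare_digest(rec[1], _derive(password, rec[0]))
        accounts = self.ldap_domains.get(domain, {})
        if user not in accounts:
            return False                             # account is not in any security domain
        if not password:
            return False                             # blank password refused before the bind
        return self.ldap.simple_bind(accounts[user], password)

def build_demo():
    dn = "uid=alice,ou=people,dc=example,dc=com"     # constructed sample entry
    ldap = FakeLdapServer({dn: "correct horse"})
    sm = ServiceManagerSketch(ldap)
    sm.add_native_user("admin", "s3cret-native")
    sm.sync_ldap_domain("Corp_LDAP", {"alice": dn})
    return sm, ldap, dn

if __name__ == "__main__":
    sm, ldap, dn = build_demo()
    print("directory accepts blank bind:", ldap.simple_bind(dn, ""))
    print("login with blank password:  ", sm.login("Corp_LDAP", "alice", ""))
    print("login with real password:   ", sm.login("Corp_LDAP", "alice", "correct horse"))
```

Without the blank-password check in `login`, the fake directory's acceptance of an empty password would be treated as a successful authentication for any imported account.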

LDAP Security Domains Overview

An LDAP security domain contains a set of users and groups that are imported from an LDAP directory service. You must create an LDAP security domain if you use LDAP user authentication.
Configure the LDAP security domains to store the list of users from an LDAP directory service that you want to allow access to the Informatica domain and client applications. The LDAP security domain does not store user account credentials. When a user logs in to an Informatica client, the Service Manager verifies that the user account is in a security domain. If the user account belongs to an LDAP security domain, the Service Manager authenticates the user with the LDAP directory service.
After installation, you can add users and groups to the native security domain. If you have users in an LDAP directory service that you want to give access to Informatica client applications, you can set up LDAP security domains in addition to the native security domain. Configure a connection to the LDAP server and import the users and groups into the LDAP security domains.
After installation, you can configure a connection to the LDAP server and import users and groups from the LDAP directory service into the LDAP security domain.