Supported authentication methods
Tridion Sites supports various authentication methods across the product suite, including Tridion Access Management. For supported applications, you can use Access Management to configure authentication using your choice of Identity Provider (IdP) and authentication protocol.
Access Management functions as a federation gateway for authentication of multiple applications by one or more external Identity Providers (IdPs), such as Azure Active Directory. Applications connect to Access Management through the OpenID Connect protocol, and the IdP then handles authentication requests. Access Management supports IdPs for OpenID Connect, SAML, LDAP and Windows.
If you are upgrading from an earlier version of Tridion Sites (prior to Access Management being introduced), you probably have existing implementations of authentication and IdPs that were directly configured. In general, direct configuration of authentication is deprecated and we advise that you migrate authentication to Access Management wherever it is possible. Direct configuration continues to be supported for the applications that Access Management does not yet support and to provide you with time to complete your migration to Access Management.
The following table summarizes authentication method support across the suite:
| User interface or API | Access Management | Configured directly: OpenID Connect | Configured directly: SAML 2.0 | Configured directly: LDAP | Configured directly: Windows (default) | Configured directly: SSO server |
|---|---|---|---|---|---|---|
| Experience Space | | | | | | |
| Classic user interfaces: | | | | | | |
| Windows-based Content Management user interfaces, including: | | | | | | |
| Core Service REST API for Experience Space | | | | | | |
| Core Service API for Classic user interfaces | | | | | | |
| Access Management feature | | | | | | |
| Add-ons feature | | | | | | |