When logging on to DataSplice, users must provide a Domain Name that instructs the server which authentication backend to use to process the credentials. 

There is a built-in domain called DataSplice that is maintained entirely by the server. This contains the default users and roles, and can be used to create additional accounts if desired. However, in most instances an external authentication source will be used.

External Domains

Most installations will be configured to access the user and group information from an external system, such as Microsoft Active Directory. This allows account information to be maintained separately from DataSplice so there is no need to synchronize or duplicate this information.

Adding a domain will display a set of options specific to the selected authentication plug-in. The following authentication providers are available:

ADO.NET Data Source Plug-in

Provides access to user and group accounts defined by a SQL Server or Oracle database. This plug-in is used primarily to connect to Maximo 4.xx systems to authenticate users.

Maximo Integration Plug-in

Provides authentication services for Maximo versions 5 and later (For 4.11 the ADO.NET plug-in should be used).

Windows Authentication Plug-in

Connects to Microsoft Active Directory (LDAP) to authenticate against a Windows domain.

Creating a New Domain

Additional domains can be added using the Actions -> Create Authentication Domain menu item:

• Domain Name - The name users will supply when logging in
• Authentication Source - The plug-in that will control this domain
• Domain Template - Some plug-ins will provide multiple configuration templates to make it easier to use common settings.

Once the domain has been created, a set of options specific to the authentication plug-in will be displayed. For instance, for Active Directory domains this allows you to specify the name of the domain to connect to and credentials to connect to the AD server (if needed).

Note that the Maximo Integration Plug-in automatically manages the domain it provides, so it is unnecessary to create a domain. The domain name can be changed (from MAXIMO) if desired in the plug-in options screen.

ADO.NET Authentication Domains

The plug-in has a single template (Maximo4) that creates a domain with the following options:

• Connection Profile - The ADO.NET Data Source connection profile name that specifies the underlying database to access.
• Query Database Users - SQL query that returns a list of the user names available for the domain.
  
• Query Database Groups - SQL query that returns a list of the groups available for the domain.
• Query Database User-Group Associations - SQL query that returns group membership information. This should have two columns, the first being the user name and the second the name of the group the user is a member of.

Note that the queries rarely need to be modified from those specified by the template.

To authenticate the plug-in attempts to establish a database connection with the specified credentials. If that succeeds the connection is allowed, otherwise an authentication error is returned to the user.

Maximo Authentication Domains

The Maximo Integration Plug-in will automatically export a single authentication domain for the Maximo instance it is connected to (typically named MAXIMO). This domain does not have any additional configuration options.

Windows Authentication Domains

The plug-in has a single template (Default) that creates a domain with the following options:

• User Name - The account name used to connect to the domain controller, which must have permission to enumerate the list of users and groups.
  
• Password - Password for the specified account.
  
• User List Filter - LDAP query fragment for restricting the list of available users.
  
• Group List Filter - LDAP query fragment for restricting the list of available group.
• Domain Name - The name of the domain to authenticate with. This should be either the ActiveDirectory name (MY_CORP), or the network address of a domain controller on the network.
  
• Directory Attributes - Allows additional attributes to be defined for each user from the ActiveDirectory record. For instance, this can be used to fetch the user's email address and make it available to DataSplice. The Property Name must be an valid object property available for user accounts.
  

Note that the Windows Authentication Plug-in cannot be used to authenticate Maximo users when integrated with LDAP. See the page with more details about Maximo Application Server Authentication for details on how to configure the Maximo plug-in to work in this environment.