Authentication is the process by which one identifies a user or program. Authentication may involve checking the user ID and password supplied interactively by an individual or presented automatically by a program. Authentication can also be delegated, in which case one party trusts that the other has taken responsibility for authentication. Authorization is the process of determining the capabilities and resources to which an authenticated user or program has access.

By default, Managed Reporting authenticates and authorizes users to its built-in security repository (installation_dir/WebFOCUS/basedir/user.htm). While it is possible to build a successful implementation that authenticates users to the built-in repository, there are advantages to externalizing Managed Reporting authentication:

• Single sign-on. Individuals who use Managed Reporting typically have user IDs and passwords managed by other systems. When Managed Reporting authenticates users to an external security system, or trusts that authentication has already taken place, users benefit because they do not need to manage another user ID/password combination in Managed Reporting.
• Security. While there are options to increase the strength used to encrypt passwords in the built-in repository (see WebFOCUS Encryption Features), an external security system may provide better security. For example, password complexity checks and a not to exceed setting for unsuccessful logon attempts.
• Auditing. Companies are under pressure to implement controls around their reporting systems. It may be more practical to leverage auditing features built into the external security system than to expect Managed Reporting to address this requirement.
• Administration. Some companies have established processes in place for individuals to update personal information, such as passwords. External authentication avoids the issue of how to interface these systems with Managed Reporting.

This chapter explains the different ways you can configure external or trusted authentication for Managed Reporting. You should review all the options before selecting an approach because there may be more than one way to achieve a given objective.

Note: You can implement a custom solution by developing an extension to the Realm Driver to perform authentication. For more information, see Developing a Managed Reporting Realm Driver Extension.