You can add, configure, and enable/disable authentication methods you choose for your system.
The Authentication Settings in the Vocera Platform Web Console provide configurable options for managing system access. A System Administrator can configure Password or Kerberos authentication methods for authenticating users to access the Vocera Platform. They can also configure the system to handle proxied requests in a clustered environment that utilizes an application delivery controller (ADC) such as BIG-IP.
Password authentication allows users to access the Vocera Platform with a password. This option is enabled by default in the Authentication Settings configuration.
Kerberos is a network authentication protocol implemented in the user's facility to authenticate user accounts in the system. This option provides strong authentication for client/server applications by using secret-key cryptography. Kerberos authentication is disabled by default, and can be enabled in Authentication Settings. A System Administrator can use the Kerberos authentication method to upload keytab files for server credentials and set the allowed Kerberos realms for authenticating clients to the HTTP service.
When both Password and Kerberos methods are selected in the Vocera Platform Web Console, and the user is unable to authenticate via Kerberos, they can still be authenticated via a password. The Windows domain authentication supports Kerberos; when Kerberos is properly configured, Windows integrated authentication works with the Vocera Platform Web Console.
At least one authentication method must be selected. The configuration edits cannot be saved if both options are unselected. In this example where neither authentication method is selected, the Submit option is not active, which prevents a user accidentally putting the system into a state where it cannot be accessed.
