Skip to content

Authentications overview


Anindita Basu    Evangeline Philip    Feedback

Authentication is the process of verifying the identity of users who request access to a device, system, or network. Vymo uses the following three types of authentication:

  • Password-based authentication, where user names and passwords are set up in Vymo itself. If the credentials match with the Vymo database, access is given. This is an authentication protocol. It doesn't need any third-party integration. Vymo refers to this method as Vymo authentication.
  • REST API authentication with Lightweight Directory Access Protocol (LDAP), where the customer sets up its LDAP service, and Vymo connects to this service through REST API to validate the user credentials stored on the customer's LDAP server. This is an authentication protocol that integrates with directory services of customers.
  • User authentication with OAuth 2.0, where Vymo connects with a third-party application (such as Office365, Google Workspace, Salesforce, and Azure Active Directory). This is an authorization protocol, and needs explicit permission of the user.

One customer can use more than one authentication type

These authentication protocols work at the user level (and not at the customer level). What this means is, for the same customer, some users can be on Vymo authorization while some others can be on REST API authentication.

2FA supported

Vymo supports two-factor authentication, which uses two methods consecutively to verify a user. See two-factor authentication to know more.

SAML not supported

Vymo does not support SAML, which is an XML-based authentication standard for transferring identification data between two parties (an identity provider and a service provider).

Vymo authentication

This is a two-step process.

This step is triggered when a Vymo user supplies their login ID. The information is sent in an encrypted format to Vymo servers for validation.

graph LR
  A[/Login ID/] -->|Encryption| B[(Vymo auth)];
  B --> C{Is ID valid?};
  C -->|Yes| D[Go to next step];
  C -->|No| E[Show error];

This step is triggered when a Vymo user supplies their password. The information is sent in an encrypted format to Vymo servers. If a match is found, a user session is created.

graph LR
  A[/Password/] -->|Encryption| B[(Vymo auth)];
  B --> C{Is password valid?};
  C -->|Yes| D[(Create user session)];
  C -->|No| E[Show error];

LDAP authentication

This is a two-step process.

This step is triggered when a Vymo user supplies their login ID. This part of the process is the same as the first step of the Vymo authentication process.

graph LR
  A[/Login ID/] -->|Encryption| B[(Vymo auth)];
  B --> C{Is ID valid?};
  C -->|Yes| D[Go to next step];
  C -->|No| E[Show error];

This step is triggered when a Vymo user supplies their password. The information is sent in an encrypted format to the customer LDAP server. The REST request and response format for every customer is different, and depends on how the LDAP service is configured by the customer.

graph LR
  A[/Password/] -->|Encryption| B[(External auth)];
  B --> |Validation result| C[Vymo service];
  C --> D{Is password valid?};
  D -->|Yes| E[(Create user session)];
  D -->|No| F[Show error];

OAuth 2.0 authentication

This is a two-step process.

This step is triggered when a Vymo user supplies their login ID. A redirection happens to the OAuth 2.0 service provider. If the authentication is successful, the remote server sends back an authorization code to Vymo.

graph LR
  A[/Login ID/] -->|Encryption| B[(external OAuth service)];
  B --> C{Is ID valid?};
  C -->|Yes| D[Send auth code to Vymo];
  C -->|No| E[Send error to Vymo];

This step is automatically triggered if the user authentication (in the previous step) is successful. The Vymo server uses the authorization code to request for an access token. The access token returned by the OAuth 2.0 service provider is stored by Vymo and, after verifying the user identity, a session is created in Vymo. The session is deleted when the user logs out.

graph LR
  A[/Auth code/] --> B[(Vymo service)];
  B --> C[Generate access token];
  C -->D[(external OAuth service)];
  D -->E[Return token to Vymo];
  E -->F[(Create user session)];

Implementation considerations

The following table shows a comparison of what can be implemented in Vymo through the available authentication methods.

OAuth 2.0 LDAP Vymo
Works on the web Yes Yes Yes
Works on a phone Yes Yes Yes
Password entry on Vymo screen No Yes Yes
1-tap login No No Yes
Pre-authenticated login No Yes No
Lock the user account if an incorrect password is entered a specific number of times Yes Yes Yes
Force a change in the password after a specific time interval No No Yes
Specify a list of devices that people can log in from Yes Yes Yes
Specify a list of IPs that people can log in from Yes Yes Yes
Allow multiple session login at a time Yes No No
Force logouts after a specific period of inactivity Yes No No

Integrations

The Vymo authentication method needs no integration with any other application. For the other two methods, the following integrations are available.

  • Azure Active Directory
  • Google
  • Salesforce
  • REST API

Setting up authentication

To set up an authentication system of your choice, contact Vymo Support.

See also


Did this page help? No help at allYes, totally!
Back to top