Authentications overview
Authentication is the process of verifying the identity of users who request access to a device, system, or network. Vymo uses the following three types of authentication:
- Password-based authentication, where user names and passwords are set up in Vymo itself. If the credentials match with the Vymo database, access is given. This is an authentication protocol. It doesn't need any third-party integration. Vymo refers to this method as Vymo authentication.
- REST API authentication with Lightweight Directory Access Protocol (LDAP), where the customer sets up its LDAP service, and Vymo connects to this service through REST API to validate the user credentials stored on the customer's LDAP server. This is an authentication protocol that integrates with directory services of customers.
- User authentication with OAuth 2.0, where Vymo connects with a third-party application (such as Office365, Google Workspace, Salesforce, and Azure Active Directory). This is an authorization protocol, and needs explicit permission of the user.
- User authentication with SAML, where Vymo connects with a third-party application (such as Azure Active Directory). This is an authorization protocol, and needs explicit permission of the user. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).
One customer can use more than one authentication type
These authentication protocols work at the user level (and not at the customer level). What this means is, for the same customer, some users can be on Vymo authorization while some others can be on REST API authentication.
2FA supported
Vymo supports two-factor authentication, which uses two methods consecutively to verify a user. See two-factor authentication to know more.
Vymo authentication
This is a two-step process.
This step is triggered when a Vymo user supplies their login ID. The information is sent in an encrypted format to Vymo servers for validation.
This step is triggered when a Vymo user supplies their password. The information is sent in an encrypted format to Vymo servers. If a match is found, a user session is created.
LDAP authentication
This is a two-step process.
This step is triggered when a Vymo user supplies their login ID. This part of the process is the same as the first step of the Vymo authentication process.
This step is triggered when a Vymo user supplies their password. The information is sent in an encrypted format to the customer LDAP server. The REST request and response format for every customer is different, and depends on how the LDAP service is configured by the customer.
OAuth 2.0 authentication
This is a two-step process.
This step is triggered when a Vymo user supplies their login ID. A redirection happens to the OAuth 2.0 service provider. If the authentication is successful, the remote server sends back an authorization code to Vymo.
This step is automatically triggered if the user authentication (in the previous step) is successful. The Vymo server uses the authorization code to request for an access token. The access token returned by the OAuth 2.0 service provider is stored by Vymo and, after verifying the user identity, a session is created in Vymo. The session is deleted when the user logs out.
Implementation considerations
The following table shows a comparison of what can be implemented in Vymo through the available authentication methods.
| OAuth 2.0 | LDAP | Vymo | |
|---|---|---|---|
| Works on the web | Yes | Yes | Yes |
| Works on a phone | Yes | Yes | Yes |
| Password entry on Vymo screen | No | Yes | Yes |
| 1-tap login | No | No | Yes |
| Pre-authenticated login | No | Yes | No |
| Lock the user account if an incorrect password is entered a specific number of times | Yes | Yes | Yes |
| Force a change in the password after a specific time interval | No | No | Yes |
| Specify a list of devices that people can log in from | Yes | Yes | Yes |
| Specify a list of IPs that people can log in from | Yes | Yes | Yes |
| Allow multiple session login at a time | Yes | No | No |
Integrations
The Vymo authentication method needs no integration with any other application. For the other two methods, the following integrations are available.
- Azure Active Directory
- Salesforce
- REST API
Setting up authentication
To set up an authentication system of your choice, contact Vymo Support.