GeolinQ possess an authorisation structure to grant access to stored data and the functions to process the data. Permissions are granted to user groups on tenant-, user group- and user level. The users are members of user groups and borrow their permissions from the assigned user groups.
Users and user groups
The data structure of users and user groups is configurable in GeolinQ. Class definitions are defined for the various types of users and user groups to define the structure of the additional information of users and user groups. The additional information configured for users and user groups may also applied in the application services.
User are assigned to an authentication service. An authentication service defines the way an user logs on to a GeolinQ service. GeolinQ possess two types of authentication services:
- Password authentication service
- OpenID authentication service (SSO)
The password authentication service is the standard authentication service where the user logs on using a username or email address and a password. On the password authentication service a password policy is applied like for example the minimal length of a password.
OpenID authentication service (SSO)
GeolinQ possess an OpenID authentication service to connect GeolinQ to Single Sign On (SSO) service. Examples of SSO services that support OpenID are:
- ADFS (Windows Active Directory)
The OpenID authentication service is configurable and maps the attributes of the users and user groups to properties of the user account from the OpenID service. The OpenID service allows the central management of user and groups for an organization in GeolinQ.
Multiple password and OpenID authentication services can be defined and assigned to the various OGC- en application services in GeolinQ.