Introduction to User Authentication and User Management in Insight
Insight Studio's user management tools enable you to manage users, shares (common storage areas for image groups), and access to collections within one tool. The User Manager is a separate and distinct component from the Collection or Personal Insight Manager, allowing for a single point of authentication and authorization for all of your organization's content. Insight separates the concepts of authentication, authorization, and access so that a single user can have access to multiple collections with different rights in each.
Authentication and Authorization are handled in the User Manager, while access and individual rights are ultimately controlled by the Collection Manager or Personal Insight Manager.
General Concepts
There are four sections in the User Manager: Users, User Groups, Shares, and Collections.
Users: Individual users within Insight.
User Groups (Authentication Groups): A group of users that are given access to a collection. There is a 1:1 correspondence between User Groups on the User Manager and those defined within a collection on the Collection Manager (or Personal Insight Manager). You can also think of User Groups as private keys between the User Manager and the Collection/Personal Insight Manager.
Collections: The connection information used by the Insight Client to access a collection, Virtual Collection, or Personal Insight Server. Authentication information for a collection is stored in the User Group.
User Shares: Shared folders within Insight where users can save groups, annotations, or presentations. Users can be given Read, Write, Delete and "Create Sub-Folder" permissions with shares. Shares are associated directly with users and are available within any collection to which a user has access.
Figure 8: Insight Authentication Process (used by the Java Client and BrowserInsight)
- Insight Client sends Username/Password to server.
- Insight Client is authenticated by User Manager, and a list of collections is returned to the user.
- User chooses which collection(s) they want to open.
- Insight Client sends User Group & Code Key to the server, server validates the user group and code key, and opens the collection.
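The four steps above, modelled as an added example (this is not Insight's own code): one login at the User Manager, then a separate User Group and Code Key check at each collection, which is where the rights are decided. Assumptions: the collection list returned at login carries each User Group and Code Key, PBKDF2 stands in for Insight's password storage, and all class, method, and sample names are hypothetical.

```python
import hashlib, hmac, os

def _pw_hash(password, salt):
    # Assumption: PBKDF2 stands in for whatever password storage Insight uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserManager:
    """Steps 1-2: authenticate the user, return the collections they may open."""
    def __init__(self):
        self.users, self.groups = {}, {}

    def add_group(self, group, collection, code_key):
        self.groups[group] = (collection, code_key)

    def add_user(self, name, password, groups):
        salt = os.urandom(16)
        self.users[name] = (salt, _pw_hash(password, salt), groups)

    def login(self, name, password):
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored, groups = self.users.get(name, (b"\0" * 16, b"", []))
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        return [(self.groups[g][0], g, self.groups[g][1]) for g in groups]

class CollectionManager:
    """Step 4: validate User Group + Code Key, then apply this collection's rights."""
    def __init__(self):
        self.groups = {}  # user group -> (code key, rights)

    def define_group(self, group, code_key, rights):
        self.groups[group] = (code_key, frozenset(rights))

    def open(self, group, code_key):
        expected, rights = self.groups.get(group, ("", frozenset()))
        if not expected or not hmac.compare_digest(expected.encode(), code_key.encode()):
            return None  # group not defined on this collection, or wrong key
        return rights

def demo():
    # Constructed sample data: names, keys and rights are hypothetical.
    um = UserManager()
    um.add_group("faculty", "maps", "k-maps-01")
    um.add_group("students", "art", "k-art-02")
    um.add_user("alice", "correct horse", ["faculty", "students"])
    maps, art = CollectionManager(), CollectionManager()
    maps.define_group("faculty", "k-maps-01", {"view", "export"})
    art.define_group("students", "k-art-02", {"view"})
    servers = {"maps": maps, "art": art}
    offered = um.login("alice", "correct horse")            # steps 1-2
    opened = {c: servers[c].open(g, k) for c, g, k in offered}  # steps 3-4
    return offered, opened, um.login("alice", "wrong"), art.open("faculty", "k-maps-01")
```

The last value returned by `demo()` shows that a User Group and Code Key valid for one collection are refused by another that does not define that group, so a successful login alone never grants rights.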
Authentication Models
Depending on your institution's current authentication and authorization system, you may be able to integrate Insight directly into it. Insight supports three separate authentication models:
Insight Authentication & Authorization: Uses the Insight User Manager for all Authentication and Authorization tasks.
LDAP Authentication: Uses the LDAP Server for password authentication, but uses Insight for authorization. For more information on LDAP Authentication, please see the "Configuring Insight's Advanced Authentication Systems" section of the Installation and Configuration Guide.
Kerberos & LDAP Authentication & Authorization (Windows® Active Directory): Uses the Kerberos server for authentication and the LDAP Server for authorization. For more information on LDAP Authentication, please see the "Configuring Insight's Advanced Authentication Systems" section of the Installation and Configuration Guide.
NOTE: If you are using Kerberos & LDAP Authentication & Authorization, many of the changes you may want to make can be made in your LDAP Directory Server rather than in Insight. Please review the "Configuring Insight's Advanced Authentication Systems" section of the Installation and Configuration Guide.