...

  • Identity Services implement authentication methods and access to Identity Providers. For example, credentials such as user account/password can be used as an authentication method to access an LDAP Directory Service as the Identity Provider.
  • The JS7 supports a number of Identity Services:
    • Built-in Identity Services
      • Available starting from release 2.2.0:
        • JS7 - JOC Identity Service, see JOC-1148
        • JS7 - LDAP Identity Service, see JOC-1147
    • External Identity Services
      • Available starting from release 2.2.0:
        • JS7 - HashiCorp® Vault Identity Service, see JOC-1146
      • Available starting from release 2.3.0:
        • Keycloak®, see JOC-1193

...

  • Built-in Identity Services ship with the JOC Cockpit and can be used out-of-the-box.
  • The JS7 - JOC Identity Service for local user management does not include elaborate features such as password recovery, password complexity constraints, password rotation, etc. and is not intended for such purposes. Instead, this Identity Service is intended as a starting point for users who operate JS7 for testing purposes.
  • The JS7 - LDAP Identity Service typically offers such features from an Identity Provider such as Active Directory.

...

  • Use of external Identity Services requires that users install and operate the relevant Identity Service product.
  • Depending on the nature of the Identity Service, security tokens are used that limit the scope (roles) and lifetime of access to JOC Cockpit.

...

Permissions and roles are managed using the JOC Cockpit. User accounts and role assignments can be managed using either the JOC Cockpit or external Identity Services. See JS7 - Management of User Accounts, Roles and Permissions for more information.

...

  • Required Identity Services: user login is performed with all required Identity Services. Optional Identity Services are not considered.
  • Optional Identity Services: with the first successful login to an Identity Service the user is considered to have logged in and further Identity Services are not consulted.

Identity Services can be ordered to specify a sequence of preferred services for authentication.
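
The following Python sketch is an added example, not JS7 code: it models the login decision described above for an ordered list of required and optional Identity Services. The class, the function names and the sample accounts are hypothetical, and rejecting the login at the first failing required service is an assumption.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class IdentityService:              # hypothetical model, not a JS7 class
    name: str
    ordering: int                   # lower value = consulted earlier
    required: bool
    authenticate: Callable[[str, str], bool]


def static_store(accounts: Dict[str, str]) -> Callable[[str, str], bool]:
    """Constructed stand-in for a real Identity Provider lookup."""
    def check(account: str, password: str) -> bool:
        expected = accounts.get(account)
        return expected is not None and hmac.compare_digest(expected.encode(), password.encode())
    return check


def login(services: List[IdentityService], account: str, password: str) -> Tuple[bool, List[str]]:
    """Return (logged_in, names of the services consulted, in order)."""
    chain = sorted(services, key=lambda s: s.ordering)
    required = [s for s in chain if s.required]
    consulted: List[str] = []
    if required:
        # All required services must accept; optional services are not considered.
        for svc in required:
            consulted.append(svc.name)
            if not svc.authenticate(account, password):
                return False, consulted   # assumption: fail on first rejection
        return True, consulted
    # Only optional services: the first successful login ends the search.
    for svc in chain:
        consulted.append(svc.name)
        if svc.authenticate(account, password):
            return True, consulted
    return False, consulted


# Constructed sample configuration and accounts.
LDAP = IdentityService("LDAP", 1, False, static_store({"alice": "a-secret"}))
JOC = IdentityService("JOC", 2, False, static_store({"bob": "b-secret"}))
VAULT = IdentityService("Vault", 3, True, static_store({"bob": "b-secret"}))

if __name__ == "__main__":
    print(login([JOC, LDAP], "alice", "a-secret"))         # optional only
    print(login([JOC, LDAP, VAULT], "alice", "a-secret"))  # one required service
```

In this model, adding a single required service means an account known only to an optional service can no longer log in, which is worth checking when the list of services is changed.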

...

  • The client (Browser Client, REST API Client) challenges the JOC Cockpit server to present its Server Authentication Certificate which is then verified by the client.
  • The JOC Cockpit server challenges the client to present its Client Authentication Certificate which is then verified by the JOC Cockpit.

...

  • enforce two-factor authentication with clients having to provide a certificate and a password,
  • allow single-factor authentication using a certificate instead of user account/password.

Further Resources

...