Step 1: Defining authentication providers for the gateway

The Blue Cedar Connect Gateway supports the following options for authentication providers:

• Local: A "local" file for authenticating client users of the gateway; this is an authentication provider that exists on the gateway. See Configuring a local authentication provider.

• Active Directory: Directory service for authenticating client users of the gateway. See Configuring Active Directory to authenticate gateway users.

• Web authentication (web-auth): External web server that authenticates the identity of the gateway using the HTTPS protocol. See Configuring an external web server for authenticating gateway users

• Lightweight Directory Access Protocol (LDAP/SLDAP): Directory service protocol for authenticating client users of the gateway. See Configuring LDAP/LDAPS authentication of gateway users.
• Remote Authentication Dial-In User Service (RADIUS): Networking protocol that provides centralized authentication, authorization, and accounting management for remote users. See Configuring RADIUS authentication of gateway users.
• OAuth: Open standard protocol for authorization. The gateway makes a request to validate the user via a Microsoft OAuth token. See Configuring OAuth authorization of gateway users. 

In some cases, you can specify authorization attributes for users that are authenticated using authentication providers other than local.

• For authentication providers that support mapping a user into a local group (currently only LDAP and local auth), a custom local group may be used. See "Setting a custom local group for LDAP" in Configuring LDAP/LDAPS authentication of gateway users.
• For other authentication providers, authorization attributes may be set on the newly added default local group.

This allows administrators to permit rooted devices to connect to the gateway when authenticating using Active Directory.