Using Artifactory 6.x ?
JFrog Artifactory 6.x User Guide
Have a question? Want to report an issue? Contact JFrog support
The following sections describe all the means of authentication available in Artifactory.
Artifactory provides a detailed and flexible permission-based system to control users' access to different features and artifacts.
To learn more, please refer to Configuring Security.
Artifactory supports authenticating users against an LDAP server out-of-the-box. When LDAP authentication is active, Artifactory first attempts to authenticate the user against the LDAP server. If LDAP authentication fails, Artifactory tries to authenticate via its internal database. For every LDAP authenticated user Artifactory creates a new user in the internal database (provided that the user does not already exist), and automatically assigns that user to the default groups.
To learn more, please refer to Managing Security with LDAP.
Artifactory supports integration with an Active Directory server to authenticate users and synchronize groups. When authentication using Active Directory is configured and active, Artifactory first attempts to authenticate the user against the Active Directory server. If the authentication fails, Artifactory tries to authenticate via its internal database. For every externally authenticated user configured in your Active Directory server, Artifactory creates a new user in the internal database (provided the user does not already exist), and automatically assigns that user to the default groups.
To learn more, please refer to Managing Security with Active Directory.
The Single Sign-on (SSO) Add-on allows you to reuse existing HTTP-based SSO infrastructures with Artifactory, such as the SSO modules offered by Apache HTTPd. Artifactory's authentication will work with commonly available SSO solutions, such as native NTLM, Kerberos, etc... SSO works by letting Artifactory know what trusted information it should look for in the HTTP request, assuming that this request has already been authenticated by the SSO infrastructure, which sits in front of Artifactory.
To learn more, please refer to Single Sign-on.
SAML is an XML standard that allows you to exchange user authentication and authorization information between web domains. JFrog’s Artifactory offers a SAML-based Single Sign-On service allowing federated Artifactory partners (identity providers) full control over the authorization process. Using SAML, Artifactory acts as service provider which receives users authentication information from external identity providers. In such case Artifactory is no longer responsible to authenticate the user although it still has to redirect the login request to the identity provider and verify the integrity of the identity provider’s response.
To learn more, please refer to SAML SSO Integration.
OAuth integration allows you to delegate authentication requests to external providers and let users login to Artifactory using their accounts with those providers. Currently, Google, OpenID Connect, GitHub Enterprise and Cloud Foundry UAA are supported.
To learn more, please refer to OAuth Integration.
Artifactory supports SSH authentication for Git LFS and the JFrog CLI using RSA public and private keys. SSH has the benefit of two-way authentication. In other words, before any sensitive data is exchanged between Artifactory and the client, the Artifactory server is authenticated to the client, and then the user operating Git LFS or JFrog CLI client is authenticated to Artifactory.
To learn more, please refer to SSH Integration.
Atlassian Crowd Integration
The Atlassian Crowd Integration allows you to delegate authentication requests to Atlassian Crowd, use authenticated Crowd users and have Artifactory participate in a transparent SSO environment managed by Crowd. In addition, Atlassian Crowd Integration allows the use of JIRA User Server as an authentication server, but without support of SSO.
To learn more, please refer to Atlassian Crowd and JIRA Integration.
Artifactory offers the option for authentication through access tokens. An access token may be assigned to a user, or to an entity that is not an Artifactory user such as a job in a CI server. Permissions are assigned to access tokens by including them in Groups. Access tokens offer advantages such as cross-site authentication, limited-time access, authenticated access for non-users and more.
To learn more, please refer to Access Tokens.
Custom Authentication with User Plugins
You can use User Plugins to implement custom authentication policies.
To learn more, please refer to Management of Security Realms.