Third-Party Authentication to the SafeLinx Server

You can configure authentication profiles to enable third-party authentication to the SafeLinx Server.

You can configure authentication profiles to use the following types of third-party authentication:
  • Remote authentication dial-in user service (RADIUS) third-party authentication
  • LDAP-bind authentication
  • Certificate-based authentication

Some third-party authentication vendors allow users to change their passwords. A change-password dialog displays on the SafeLinx Client system, but the password cannot be changed.

If you configure a connection profile to use single-party or two-party key exchange, and you also configure a secondary authentication profile, SafeLinx Clients take longer to authenticate. An administrator can also choose Additional Authentication Profiles, which allows authentication methods to be chained together. This action also increases the processing time necessary to authenticate SafeLinx Client users. The connection between the SafeLinx Server and SafeLinx Client is not active until the authentication process completes. Before authentication is complete, any packets that are transmitted are discarded.

HTTP clients can connect by using lightweight third-party authentication (LTPA) and single sign-on (SSO). For more information, see Authentication profiles.